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Description 

Field of the Invention 

10001] The present invention relates to a system for 
managing copyrights for using, storing, copying, editing, 
or transmitting digital data, particularly applicable to a 
multimedia system. 

Background of the Invention has been spread 

[0002] In information-oriented society of today, a da- 
tabase system has been spread in which various data 
values having independently been stored in each com- 
puter so far are mutually used by connecting computers 
by communication lines. 

[0003] The information having been handled by the 
database system is classical type coded information 
which can be processed by a computer and has a small 
amount of information or monochrome binary data like 
facsimile data at most. Therefore, the database system 
has not been able to handle data with an extremely large 
amount of information such as a natural picture and a 
motion picture. 

[0004] However, while the digital processing tech- 
nique for various electric signals develops, development 
of the digital processing art for a picture signal other than 
binary data having been handled only as an analog sig- 
nal is progressed. 

[0005] By digitizing the above picture signal, a picture 
signal such as a television signal can be handled by a 
computer. Therefore, a "multimedia system" for han- 
dling various data handled by a computer and picture 
data obtained by digitizing a picture signal at the same 
time is noticed as a future technique. 
[0006] Because picture data includes an overwhelm- 
ingly large amount of information compared to character 
data and audio data, it is difficult to directly store or trans- 
mit the picture data or apply various processings to the 
picture data by a computer. 

[0007] Therefore, it has been considered to compress 
or expand the picture data and several standards for 
compressing or expanding picture data have been pre- 
pared. Among those standards, the following standards 
have been prepared so far as common standards: JPEG 
(Joint Photographic image coding Experts Group) 
standard for a still picture, H.261 standard for a video 
conference, MPEG1 (Moving Picture image coding Ex- 
perts Group 1) standard for storing pictures, and 
MPEG2 corresponding to the present telecast and the 
high-definition telecast 

[0008] Real-time processing of digital picture data has 
been realized by these techniques. 
[0009] Because hitherto widely-spread analog data is 
deteriorated in quality whenever storing, copying, edit- 
ing, or transmitting it, the editing of a copyright produced 
due to the above operation has not been a large prob- 
lem. However, because digital data is not deteriorated 



in quality after repeatedly storing, copying, editing, or 
transmitting it, the editing of a copyright produced due 
to the above operation is a large problem. 
[0010] Because there is not hitherto any exact method 

s for dealing with a copyright for digital data, the copyright 
is handled by the Copyright Act or contracts. Even in the 
Copyright Act, compensation money for a digital-type 
sound- or picture-recorder is only systematized. 
[0011] Use of a database includes not only referring 

10 to the contents of the database but also normally effec- 
tivety using the database by storing, copying, or editing 
obtained data. Moreover, it is possible to transmit edited 
data to another person via on-line by a communication 
line or a proper recording medium. Furthermore, it is 

'5 possible to transmit the edited data to the database to 
enter it as new data. 

[001 2] In an existing database system, only character 
data is handled. In a multimedia system, however, audio 
data and picture data which are originally analog data 
20 are digitized and formed into a database in addition to 
the data such as characters which have been formed 
into a database so far. 

[0013] Under the above situation, how to deal with a 
copyright of data formed into a database is a large prob- 

25 (em. However, there has not been adequate copyright 
management means for solving the problem so far, par- 
ticularly copyright management means completed for 
secondary utilization of the data such as copying, edit- 
ing, or transmitting of the data. 

30 [0014] The inventor of the present invention etal. pro- 
posed a system for managing a copyright by obtaining 
a permit key from a key control center via a public tele- 
phone line through Japanese Patent Laid-Open No. 
46419/1994 and Japanese Patent Laid-Open No. 

35 141004/1994 and moreover, proposed an apparatus for 
managing the copyright through Japanese Patent Laid- 
Open No. 132916/1994. 

[001 5] Moreover, they proposed a copyright manage- 
ment method for primary utilization of digital data such 

*o as display (including process to sound) or storage of the 
digital data in a database system including real-time 
transmission of a digital picture and secondary utiliza- 
tion of the digital data such as copying, editing, or trans- 
mitting of the digital data by further developing the above 

45 prior invention through Japanese Patent Application No. 
64889/1994. 

[0016] The database copyright management system 
of the prior applications use anyone or some of a pro- 
gram for managing a copyright, copyright information, 

50 and a copyright management message in addition to a 
use permit key corresponding to a requested use in or- 
der to manage the copyright. The copyright manage- 
ment message is displayed when utilization infringing 
the user's request or authorized contents is found to give 

55 caution or warning to a user and the copyright manage- 
ment program performs monitoring and management so 
that utilization infringing the user's request or authorized 
contents is not performed. 
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[0017] There are cases in which all of a copyright 
management program, copyright information and a cop- 
yright management message is supplied together with 
each permit key respectively, the whole of them is sup- 
plied together with data, and part of them is supplied s 
together with the permit key and other part is supplied 
together with the data. 

[0018] The data, the permit key, the copyright man- 
agement message, the copyright information, or the 
copyright management program has the following three 10 
cases: a case in which it is transmitted by being encrypt- 
ed and it is decrypted when it is used, a case in which 
it is transmitted by being encrypted and remains in en- 
crypted except being decrypted only when it is dis- 
played, and a case in which it is not encrypted at all. 15 
[0019] EP 191162 A discloses a method for discour- 
aging the copying and sharing of software programs. 
For this purpose the owner of an encrypted program 
software receives a password from which a decryption 
key is recovered. The software may then be decrypted 20 
using this decryption key and a locally stored decryption 
feature and is stored as decrypted program in a protect- 
ed, inaccessible memory area. 

SUMMARY OF THE INVENTION 25 

[0020] The object of the present invention is to im- 
prove a data copyright management system realized by 
embodying the data copyright management method of 
the prior application proposed in the above Japanes 30 
Patent Application No. 64889/1994. 
[0021] This object is solved by the data copyright 
management system according to claim 1 . Further im- 
provements of the data copyright management system 
according to the invention are presented in the depend- 35 
ent claims. 



Figure 8 illustrates a digital cash system for embod- 
iments 17 and 18 of the present invention; 
Figure 9 illustrates a video conference system for 
embodiment 19 of the present invention; and 
Figure 1 0 illustrates an embodiment of a user ter- 
minal used for the data copyright management sys- 
tem of the present invention. 

Detailed Description of the Preferred Embodiments 

[0023] Though the present invention is described be- 
low, general description is made for cryptography at first. 
[0024] The cryptography includes a secret-key cryp- 
tosystem and a public-key crypto system. 
[0025] The secret-key cryptosystem is a cryptosys- 
tem using the same crypt key for encryption and decryp- 
tion. While this cryptosystem requires only a short time 
for encryption or decryption, the secret-key is found, and 
thus, the cryption may be cryptanalized. 
[0026] The public-key cryptosystem is a cryptosystem 
in which a key for encryption is open to the public as a 
public-key and a key for decryption is not open to the 
public. The key for encryption is referred to as a public- 
key and the key for decryption is referred to as a private- 
key. To use this cryptosystem, it is necessary that a party 
for transmitting information encrypts the information 
with a public-key of a party for receiving the information 
and the party for receiving the information decrypts the 
information with a private-key not open to the public. 
While this cryptosystem requires relatively a long time 
for encryption or decryption, the private-key can hardly 
be found and it is very difficult to cryptanalyze the cryp- 
tion. 

[0027] In the cryptography, a case of encrypting a 
plaintext M with a crypt key K to obtain a cryptogram C 
is expressed as 



Brief Description of the Drawings 

[0022] 40 

Figure 1 illustrates a data copyright management 
system for embodiments 1,2, and 3 of the present 
invention; 

Figure 2 illustrates a data copyright management 45 
system of embodiment 4 of the present invention; 
Figure 3 illustrates a data copyright management 
system for embodiments 5, 6, and 7 of the present 
invention; 

Figure 4 illustrates a data copyright management so 
system for embodiments 8, 9, . 10 and 11 of the 
present invention; 

Figure 5 illustrates a data copyright management 
system for embodiments 12 and 13 of the present 
invention; 55 
Figure 6 is an illustration for data editing; 
Figure 7 is an illustration showing a digital cash sys- 
tem; 



C = E(K, M) 

and a case of decrypting the cryptogram C with the cryp- 
tographic key K to obtain the plaintext M is expressed as 

M = D(K, C). 

[0028] The cryptosystem used for the present inven- 
tion uses a secret-key cryptosystem in which the same 
secret-key Ks is used for encryption and decryption, and 
a public-key cryptosystem in which a public-key Kb is 
used for encryption of a plaintext and a private-key Kv 
is used for decryption of a cryptogram. 

[Embodiment 1] 

[0029] Figure 1 shows the first embodiment of the da- 
ta copyright management system of the present inven- 
tion. The first embodiment uses the secret-key system 
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as a cryptosystem. 

[0030] In the case of the embodiment in Figure 1 , ref- 
erence numeral 1 represents a database in which text 
data, binary data serving as a computer graphic display 
or a computer program, digital audio data, and digital 5 
picture data are stored by being encrypted, 2 represents 
a space satellite such as a communications satellite or 
a broadcasting satellite, 3 represents a data recorder 
such as a CD -ROM or a flexible disk, 8 represents a 
communication network such as a public telephone line 10 
offered by a communication enterprise or a CATV line 
offered by a cable television enterprise, 4 represents a 
primary user terminal, and 9 represents a key control 
center for managing a secret-key, and 10 represents a 
copyright management center for managing a data cop- 15 
yright. 

[0031] Reference numerals 5, 6, and 7 represent a 
secondary user terminal, a tertiary user terminal, and n- 
order user terminal respectively, and 11,12, and 13 rep- 
resent a secondary disk, tertiary disk, and n-order disk 20 
serving as a recording medium such as a flexible disk 
or CD-ROM respectively. The symbol "n" represents an 
optional integer. When "n" is larger than 4, a correspond- 
ing user terminal and a corresponding disk are arranged 
between the tertiary user terminal 6 and the n-order user 25 
terminal 7 and between the tertiary disk 12 and the n- 
order disk 13 respectively. 

[0032] On the above arrangement, the database 1, 
key control center 9, copyright management center 10, 
primary user terminal 4, secondary user terminal 5, ter- 30 
tiary user terminal 6, and n-order user terminal 7 are 
connected to the communication network 8. 
[0033] In this figure, the path shown by a broken line 
is a path of encrypted data, a path shown by a solid line 
is a path of requests from each user terminal, and a path 35 
shown by a one-dot chain line is a path through which 
authorization information corresponding to a utilization 
request and a secret-key are transferred. 
[0034] Moreover, each user who uses this system is 
previously entered in the database system. When the *o 
user is entered in the system, a database utilization soft- 
ware is given to the user. The database utilization soft- 
ware includes not only normal communication software 
such as a data communication protocol but also a pro- 
gram for running a copyright management program. 45 
[0035] Original data M0 of text data, binary data as a 
computer graphic display or computer program, digital 
audio data, or digital picture data stored in the database 
1 or data recording medium 3 is one-way supplied to the 
primary user terminal 4 via the satellite 2 or recording so 
medium 3. In this case, the data is encrypted with a first 
secret-key Ks1: 

CmOksl =E(Ks1,M0). 55 

[0036] Even if data provided with advertisement to be 
offered free of charge, it is necessary to be encrypted 
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in order to protect the copyright. 
[0037] It is disclosed in the above described Japa- 
nese Patent Application No. 64889/1994 which is the 
prior application that the data utilization includes not on- 
ly displaying of data which is the most basic usage but 
also storing, editing, copying, and transmitting of the da- 
ta, a use permit key is prepared which corresponds to 
one or several forms of use, and its management is ex- 
ecuted by the copyright management program. 
[0038] Moreover, it is described there that data is en- 
crypted again by the copyright management program for 
use such as storing, copying, editing and transmitting of 
the data other than displaying of the data and displaying 
for editing the data. 

[0039] In other words, the data whose copyright is 
claimed is encrypted to be distributed, and only when 
the data is displayed or displayed for editing the data in 
a user terminal having a copyright treatment function, 
the data is decrypted to a plaintext. 
[0040] This embodiment uses the method described 
in the prior application. 

[0041] A primary user who desires primary utilization 
of the supplied encrypted data CmOksl requests for pri- 
mary utilization of the encrypted original data CmOksl 
by designating the original data name or the original da- 
ta number to the key management center 9 via the com- 
munication network 8 from the primary user terminal 4. 
In this case, the primary user must present information 
Iu1 for primary user to the key management center 9. 
[0042] The key management center 9 receiving the 
Primary utilization request from the primary user termi- 
nal 4 transfers the first secret-key Ks1 for decrypting the 
encrypted original data CmOksl obtained from the da- 
tabase 1 by the primary user and the second secret-key 
Ks2 for re-encrypting the decrypted original data M0 or 
edited data M1 from the original data, together with a 
copyright management program P via the communica- 
tion network 8 to the primary user terminal 4. 
[0043] In the primary user terminal 4 receiving the first 
secret-key Ks1 as a decryption key and the second se- 
cret-key Ks2 as an encryption/decryption key, the en- 
crypted original data CmOksl is decrypted by using the 
copyright management program P and the first secret- 
key Ks1 

M0 = D(Ks1, CmOksl) 

to use the decrypted original data M0 directly or data M1 
as edited. 

[0044] When the data M which is the original data M0 
or edited data M1 is stored in a memory or a built-in hard 
disk drive of the primary user terminal 4, only the primary 
user can use the data. However, when the data M is cop- 
ied to the external recording medium 11 such as a flex- 
ible disk or transmitted to the secondary user terminal 
5 via the communication network 8, a problem of a cop- 
yright due to secondary utilization occurs. 
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[0045] When the original data MO obtained by a pri- 
mary user is directly copied and supplied to a secondary 
user, the copyright of the primary user is not effected on 
the data MO because the original data MO is not modified 
at all. However, when the primary user produces new 
data M1 by editing the obtained data or by using means 
such as combination with other data, the copyright of 
the primary user, i.e., secondary exploitation right oc- 
curred from secondarily utilizing original data, is effected 
on the data M1. 

{0046] Similarly, when a secondary user produces 
new data M2 by editing the original data M0 or edited 
data M1 obtained from the primary user by means such 
as combination of other data, the copyright of the sec- 
ondary user; i.e., secondary exploitation right on the 
secondary user is also effected. 
[0047] In this embodiment, to correspond to the prob- 
lem of the copyright, the data M is encrypted by the sec- 
ond secret-key Ks2 using the copyright management 
program P when the data M is stored, copied, or trans- 
mitted. Thereafter, in the primary user terminal 4, the 
data M is decrypted and encrypted by the second se- 
cret-key Ks2: 

Cmks2 = E(Ks2, M) 



M = D(Ks2, Cmks2). 

[0048] It is free in principle that the primary user dis- 
plays and edits data to obtain edited data. In this case, 
however, it is possible to limit the repetitions of the op- 
eration by the copyright management program. 
[0049] When the data M is copied to the external re- 
cording medium 11 or transmitted via the communica- 
tion network 8, the first secret-key Ks1 and the second 
secret-key Ks2 in the primary user terminal 4 are dis- 
used by the copyright management program P. There- 
fore, when reusing the data M, the primary user requests 
for utilization of the data M to the key control center 9 to 
again obtain the second secret-key Ks2. 
[0050] The fact that the user receives the regrant of 
the second secret-key Ks2 represents secondary utili- 
zation of data in which the data M has been copied to 
the external recording medium 11 or transmitted to the 
secondary user terminal 5 via the communication net- 
work 8. Therefore, the fact is entered in the copyright 
management center 10 from the key control center 9 
and subsequent secondary utilization comes possible. 
[0051] The data M is moved from the primary user ter- 
minal 4 to the secondary user terminal 5 by the external 
recording medium 11 or the communication network 8. 
When the data M is copied to the external recording me- 
dium 11 or transmitted via the communication network 
8, it is encrypted by the second secret-key Ks2. 
[0052] When the data M is copied to the external re- 
cording medium 11 and transmitted via the communica- 



tion network 8, the first secret-key Ks1 and the second 
secret-key Ks2 in the primary user terminal 4 are dis- 
used. In this case, uncrypted primary user information 
Iu1 is added to the encrypted data Cmks2 stored in the 

s primary user terminal 4 and when the encrypted data 
Cmks2 is transmitted to a secondary user, the primary 
user information Iu1 is also transferred. 
[0053] A secondary user who desires secondary uti- 
lization of the encrypted data Cmks2 copied or transmit- 

10 ted from a primary user must designate original data 
name or data number to the copyright management 
center 10 via the communication network 8 by the sec- 
ondary user terminal 5 and also present the secondary 
user information fu2 to request for secondary utilization 

*s of the data Cmks2 to the center 10. In this case, the 
secondary user further presents the uncrypted primary 
user information Iu1 added to the encrypted data Cmks2 
in order to clarify the relationship with the primary user, 
[0054] The copyright management center 1 0 confirms 

20 that the primary user has received a regrant of the sec- 
ond secret-key Ks2 for secondary-utilizing the data, in 
accordance with the presented primary user information 
Iu1 and then, transfers the second secret-key Ks2 serv- 
ing as a decryption key and the third secret-key Ks3 

25 serving as an encryption/decryption key to the second- 
ary user terminal 5 via the communication network 8. 
[0055] In the secondary user terminal 5 receiving the 
second secret-key Ks2 and the third secret-key Ks3, the 
encrypted data Cmks2 is decrypted using the second 

30 secret-key Ks2 by the copyright management program 
P 

M = D(Ks2, Cmks2) 

35 

and is secondarily utilized such as being displayed or 
edited. 

[0056] In this embodiment, the key control center 9 
processes a primary utilization requests and the copy- 

40 right management center 1 0 processes a secondary uti- 
lization requests. While the data M supplied to a primary 
user is encrypted by the first secret-key Ks1 , the data M 
supplied to a secondary user is encrypted by the second 
secret-key Ks2. Moreover, the first secret-key Ks1 and 

^5 the second secret-key Ks2 are transferred to the primary 
user as crypt keys from the key control center 9. 
[0057] Therefore, if the secondary user, instead of the 
primary user, falsely requests for primary utilization to 
the key control center 9, the first secret-key Ks1 for de- 

so cryption and the second secret-key Ks2 for encryption/ 
decryption are transferred to the secondary user. How- 
ever, the secondary user cannot decrypt the encrypted 
data Cmks2 by using the first secret-key Ks1 transferred 
as a decryption key. 

55 [0058] Therefore, it is impossible to falsely request for 
data utilization and resultingly, not only the original cop- 
yright of data but also the copyright of the primary user 
on the data are protected. 
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[0059] When storing, copying, or transmitting of the 
data M other than displaying and displaying for editing 
is performed in the secondary user terminal 5, the data 
M is encrypted using the third secret-key Ks3 by the cop- 
yright management program P and thereafter, the data s 
is decrypted and encrypted by the third secret-key Ks3: 

Cmks3 = E(Ks3, M) 

10 

M = D(Ks3, Cmks3). 

[0060] Moreover, it is free in principle that a secondary 
user displays and edits data to obtain the edited data *5 
M2. In this case, it is possible to limit the repetitions of 
the operation by the copyright management program P. 
[0061] When the data M is copied to the external re- 
cording medium 12 or transmitted via the communica- 
tion network 8, the second secret-key Ks2 and the third 20 
secret-key Ks3 in the secondary user terminal 5 are dis- 
used by the copyright management program P. There- 
fore, when reusing the data M, the secondary user re- 
quests for the utilization of the data to the copyright man- 
agement center 10 to again obtain the third secret-key 25 
Ks3. 

[0062] The fact that the secondary user receives a re- 
grant of the third secret-key Ks3 represents secondary 
utilization of data in which the data M has been copied 
to the external recording medium 12 or transmitted to 30 
the tertiary user terminal 6 via the communication net- 
work 8. Therefore, the fact is entered in the copyright 
management center 10 and allows the secondary user 
for subsequest data use. 

[0063] The data M is moved from the secondary user 35 
terminal 5 to the tertiary user terminal 6 by the external 
recording medium 12 or by the communication network 
8. When the data M is copied to the external recording 
medium 12 or transmitted via the communication net- 
work 8, it is encrypted by the third secret-key Ks3. <o 
[0064] When the data M is copied to the external re- 
cording medium 1 2 or transmitted to the tertiary user ter- 
minal 6 via the communication network 8, the second 
secret-key Ks2 and the third secret-key Ks3 in the sec- 
ondary user terminal 5 are disused. In this case, the un- 45 
crypted secondary user information Iu2 is added tothe 
encrypted data Cmks3 stored in the secondary user ter- 
minal 5, and when the encrypted data Cmks3 is trans- 
mitted to a tertiary user, the secondary user information 
Iu2 is also transferred. so 
[0065] In adding each user information to data, there 
are two cases: a case in which every information is add- 
ed to data whenever it is copied or transmitted; and an- 
other in which the history updated whenever the data is 
copied or transmitted is stored in the copyright manage- 55 
ment center. 

[0066] A tertiary user who desires tertiary utilization 
of the encrypted data Cmks3 copied or transmitted from 
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the secondary user must designate original data name 
or number to the copyright management center 10 from 
a tertiary user terminal 6 via the communication network 
8 and also presents the tertiary user information Iu3 to 
request for tertiary utilization of the data. In this case, 
the tertiary user further presents the uncrypted second- 
ary user information Iu2 added to the encrypted data 
Cmks3 in order to clarify the relationship with the sec- 
ondary user. 

[0067] The copyright management center 1 0 confirms 
that the secondary user has received a regrant of the 
third secret-key Ks3 for tertiary-utilizing the data, in ac- 
cordance with the presented secondary user informa- 
tion Iu2 and then, transfers the third secret-key Ks3 
serving as a decryption key and the fourth secret-key 
Ks4 serving as an encryption/decryption key to the ter- 
tiary user terminal 6 via the communication network 8. 
[0068] In the tertiary user terminal 6 receiving the third 
secret-key Ks3 and the fourth secret-key Ks4, the en- 
crypted data Cmks3 is decrypted using the third secret- 
key Ks3 by the copyright management program P 

M = D(Ks3, Cmks3) 

and is tertiarily utilized such as being displayed or edit- 
ed. 

[0069] In this embodiment, the data M supplied to a 
primary user is encrypted by the first secret-key Ks1 and 
the data M supplied to a secondary user is encrypted by 
the second secret-key Ks2, and the data M supplied to 
a tertiary user is encrypted by the third secret-key Ks3. 
[0070] Therefore, if the tertiary user, instead of the pri- 
mary user, falsely requests for primary utilization to the 
key control center 9, the first secret-key Ks1 for decryp- 
tion and the second secret-key Ks2 for encryption/de- 
cryption are transferred to the tertiary user. However, it 
is impossible to decrypt the encrypted data Cmks3 by 
the first secret-key Ks1 transferred as a decryption key. 
[0071] Moreover, if the tertiary user, instead of the 
secondary user, falsely requests for secondary utiliza- 
tion to the key control center 9, the second secret-key 
Ks2 and the third secret-key Ks3 are transferred to the 
tertiary user as a decryption key and an encryption/de- 
cryption key respectively. However, it is impossible to 
decrypt the encrypted data CmKs3 by the second se- 
cret-key Ks2 transferred as a decryption key. 
[0072] Therefore, it is impossible to falsely request for 
data utilization. As a result, not only the original copy- 
right of the data but also the copyrights of the primary 
and secondary users on the data are protected. 
[0073] The same procedure is applied to quaternary 
and subsequent utilization. 

[0074] In the above described embodiment, the data- 
base 1 , key control center 9, and copyright management 
center 1 0 are separately arranged. However, it is not al- 
ways necessary to arrange them separately. It is also 
possible to aet all of or proper two of them integrally. 
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[0075] Moreover, it is also possible to request for a 
regrant of a secondary crypt key from the primary user 
not to the key control center 9 as described in the above 
embodiment but to the copyright management center 
10. 

[Embodiment 2] 

[0076] Then, embodiment 2 is described below. 
Though the structure of this embodiment is mostly the 
same as that of the first embodiment, a copyright man- 
agement program and, if circumstances require, first 
and second secret-keys are encrypted and supplied. 
[0077] Also in the case of this embodiment, similarly 
to the case of the first embodiment, original data is en- 
crypted and supplied one-way to a user from a single 
database and the user selects necessary data out of the 
original data. 

[0078] Because the system structure used for the sec- 
ond embodiment is the same as that of embodiment 1 
shown in Figure 1 , description of the system structure 
is omitted. 

[0079] In his embodiment, the original data MO stored 
in the database 1 is supplied one-way to the primary us- 
er terminal 4 via the satellite 2, recording medium 3, or 
communication network 8. The data M0 is encrypted by 
the first secret-key Ks1: 

CmOksl = E(Ks1, M0). 

[0080] A primary user who desires primary utilization 
of the supplied encrypted data CmOksl requests for the 
primary utilization of the encrypted original data CmOksl 
to the key control center 9 by using the primary user ter- 
minal 4 and designating an original data name or an 
original data number via the communication network 8. 
In this case, the primary user must present the primary 
user information Iu1 to the key control center 9. 
[0081] The key management 9 receiving the request 
of the primary utilization of the encrypted original data 
CmOksl generates a secret-key Ksu1 unique to the pri- 
mary user using the primary user information Iu1 and 
transfers it to the copyright management center 10. 
[0082] The copyright management center 10 receiv- 
ing the primary user unique secret - key Ksu1 encrypts 
the copyright management program P by using the pri- 
mary user unique secret-key Ksu1 

Cpksul = E(Ksu1, P) 

and transfers an encrypted copyright management pro- 
gram Cpksul to the key control center 9. The encrypted 
copyright management program Cpksul thus generat- 
ed is inherent in the primary user. 
[0083] The key control center 9 transfers the first se- 
cret-key Ks1 for decryption and the second secret-key 



Ks2 for decryption/encryption to the primary user termi- 
nal 4 via the communication network 8, together with the 
encrypted copyright management program Cpksul re- 
ceived from the copyright management center 10. 

5 [0084] In the primary user terminal 4 receiving the en- 
crypted copyright management program Cpksul, first 
secret-key Ks1, and second secret-key Ks2, database 
system software S previously distributed generates a 
primary user unique secret-key Ksu1 in accordance with 

*o the primary user information Iu1 : 

Ksu1 =S(lu1), 

is and an encrypted copyright management program 
Cpksul is decrypted by the generated primary user 
unique secret-key Ksu1 : 

20 P = D(Ksu1, Cpksul), 

the encrypted original data CmOksl is decrypted by the 
first secret-key Ks1 using the copyright management 
program P: 

25 

M0 = D(Ks1, CmOksl), 

and the decrypted original data M0 directly or edited da- 

30 ta M1 is used. 

[0085] When the data M as the original data M0 or 
edited data M1 is stored, copied, or transmitted, it is en- 
crypted by the copyright management program P using 
the secret-key Ks2, and thereafter the data M is decrypt- 

35 ed and encrypted in the primary user terminal 4 by the 
second secret-key Ks2: 

Cmks2 = E(Ks2, M) 



M = D(Ks2, Cmks2). 

[0086] When the data M is copied to the external re- 
cording medium 11 or the data is transmitted via the 
communication network 8 t the first secret-key Ks1 and 
the second secret-key Ks2 in the primary user terminal 
4 are disused by the copyright management program P. 
Therefore, when the primary user uses the data M 
again, the user requests for utilization of the data M to 
the key control center 9 to again obtain the second se- 
cret-key Ks2. 

[0087] The fact that the primary user receives a re- 
grant of the second secret-key Ks2 represents second- 
ary utilization of data in which the data M has been cop- 
ied to the external recording medium 11 or transmitted 
to the secondary user terminal 5 via the communication 
network 8. Therefore, this is entered in the copyright 
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management center 10 from the key control center 9 
and thereafter, secondary utilization of the data can be 
made. 

[0088] The data M is moved from the primary user ter- 
minal 4 to the secondary user terminal 5 by the external 
recording medium 11 or by the communication network 
8. 

[0089] When the data M is copied to the external re- 
cording medium 11 or transmitted via the communica- 
tion network 8, it is encrypted by the second secret-key 
Ks2. 

[0090] When the data M is copied to the external re- 
cording medium 11 or transmitted via the communica- 
tion network 8, the first secret-key Ks1 and the second 
secret-key Ks2 in the primary user terminal 4 are dis- 
used. In this case, the uncrypted information Iu1 on a 
primary user is added to the encrypted data Cmks2 
stored in the primary user terminal 4. Therefore, when 
the encrypted data Cmks2 is transmitted to a secondary 
user, the primary user information Iu1 is also transferred 
to the user. 

[0091] A secondary user who desires secondary uti- 
lization of the encrypted data Cmks2 copied or transmit- 
ted from the primary user must designate a data name 
or number added to the original data to the copyright 
management center 10 via the communication network 
8 by the secondary user terminal 5 and also presents a 
secondary user information Iu2 to request for the sec- 
ondary utilization of the data to the center 10. In this 
case, the secondary user further presents the uncrypted 
primary user information Iu1 added to the encrypted da- 
ta Cmks2 in order to clarify the relationship with the pri- 
mary user. 

[0092] The copyright management center 1 0 confirms 
that the primary user has received a regrant of the sec- 
ondary secret-key Ks2 for secondary-utilizing the data 
in accordance with the presented primary user informa- 
tion Iu1 and then, generates a secret-key Ksu2 unique 
to the secondary user in accordance with the presented 
secondary user information Iu2. 
[0093] The copyright management center 1 0 encrypts 
the copyright management program P by the secondary 
user unique secret-key Ksu2 

Cpksu2 = E(Ksu2, P) 

and transfers the encrypted copyright management pro- 
gram Cpksu2, second secret-key Ks2 serving as a de- 
cryption key, and third secret-key Ks3 serving as an en- 
cryption/decryption key via the communication network 
8 to a secndary user terminal 5. 
[0094] Moreover, the information Iu1 for a primary us- 
er may be added to the encrypted copyright manage- 
ment program Cpksu2. 

[0095] In the secondary user terminal 5 receiving the 
second secret-key Ks2 and the third secret-key Ks3, da- 
tabase utilization software generates a secondary user 



unique secret-key Ksu2 in accordance with the second- 
ary user information Iu2 

5 Ksu2 = S(lu2), 

and an encrypted copyright management program 
Cpksu2 by the generated secondary user unique secret- 
key Ksu2 

10 

P = D(Ksu2, Cpksu2), 

the encrypted original data Cmks2 is decrypted by the 
15 second secret-key Ks2 using the decrypted copyright 
management program P 

M = D(Ks2, Cmks2), 

20 

and the decrypted data M directly or by editing it is used. 
[0096] Thus, by generating a crypt key unique to a us- 
er in accordance with the information of the user re- 
quests for utilization, and encrypting a copyright man- 
25 agement program by the generated user unique crypt 
key, the safety of a data copyright management system 
is improved. 

[0097] Moreover, by encrypting each secret-key to be 
supplied to a user, using the user unique crypt key, the 
30 safety of the data copyright management system can 
further be improved. 

[Embodiment 3] 

35 [0098] Furthermore, as still another method for con e- 
sponding to the problem of a copyright caused when the 
data M is copied to the external recording medium 11 or 
transmitted via the communication network 8 in the sys- 
tem shown in Figure 1 , it is possible to limit the primary 
40 utilization request by a user of the primary user terminal 
4 to only for permits of displaying, storing and editing so 
that other utilization such as copying and transmitting 
cannot be authorized except by separate requests, and 
disuse the first secret-key Ks1 and the second secret- 
es key Ks2 in the primary user terminal 4 when the data M 
is copied to the external recording medium 1 1 or trans- 
mitted to the secondary user terminal 5 via the commu- 
nication network 8. 

[0099] . Thus, it is possible that the copyright manage- 
50 ment center 1 0 further securely grasps copying or trans- 
mitting of the data M. 

[Embodiment 4] 

55 [0100] Figure 2 shows a structure of embodiment4 of 
the data copyright management system of the present 
invention. 

[0101] In the case of the system shown in Figure 1, 
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encrypted data is one-way supplied via the satellite 2, 
recording medium 3, or communication network 8. In the 
case of embodiment 2, however, encrypted data is two- 
way supplied in accordance with a request from the pri- 
mary user 4. 5 
[0102] This embodiment uses the public-key crypto- 
system as a crypt key system. 
[0103] It is matter of course that embodiment 2 can 
be applied when using a satellite broadcast, ground 
wave broadcast, CATV broadcast or a recording medi- 10 
urn other than a database as data supply means provid- 
ed with advertisement requiring no charge or encryp- 
tion. 

[01 04] In the system shown in Figure 2 similarly to the 
system shown in Figure 1, reference numeral 1 repre- *5 
sents a database, 4 represents a primary user terminal, 
5 represents a secondary user terminal, 6 represents a 
tertiary user terminal, and 7 represents an n-order user 
terminal. 

[0105] And 14 represents a secondary copyright man- 20 
agement center, 15 represents a tertiary copyright man- 
agement center, 16 represents an n-order copyright 
management center, 8 represents a communication net- 
work such as a public telephone line offered by a com- 
munication enterprise or a CATV line offered by a cable 25 
television enterprise. 

[0106] On the above arrangement, the database 1, 
primary user terminal 4, secondary user terminal 5, ter- 
tiary user terminal 6, n-order user terminal 7, secondary 
copyright management center 14, tertiary copyright 30 
management center 1 5, and n-order copyright manage- 
ment center 16 are connected to the communication 
network 8 and also they can be connected each other. 
[0107] In Figure 2, a path shown by a broken line rep- 
resents a path for encrypted data, a path shown by a 35 
solid line represents a path of requests from each user 
terminal, a path shown by a one-dot chain line repre- 
sents a path through which authorization information 
sent from each database corresponding to a utilization 
request and a crypt key are transferred, and a path 40 
shown by a two-dot chain line represents a path through 
which copyright information is transferred from the da- 
tabase or each copyright management center database 
to a next-order copyright management center database. 
[0108] Each user who uses this system is previously 45 
entered in a database system and in this time, database 
utilization software is provided him. The database utili- 
zation software includes a program for decrypting an en- 
crypted copyright management program in addition to 
normal communication software such as data commu- so 
nicating protocol. 

[0109] To use the database 1, a primary user must 
prepare primary-user authentication data Au1, a first 
public-key Kb1 , a first private-key Kv1 corresponding to 
the first public-key Kb1 , a second public-key Kb2, and 55 
a second private-key Kv2 corresponding to the second 
public-key Kb2, and accesses the database 1 from the 
primary user terminal 4 via the communication network 
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8. 

[01 1 0] The database 1 receiving the primary-user au- 
thentication data Au1, first public-key Kb1 and second 
public-key Kb2 from the primary user confirms the pri- 
mary-user authentication data Au1 and transfers the 
confirmed primary-user authentication data Au1 to the 
secondary copyright management center 14 as the pri- 
mary user information Iu1 . 

[01 1 1] The database 1 prepares two secret-keys, that 
is, the first secret-key Ks1 and the second secret-key 
Ks2. The two secret-keys may be prepared by using the 
key control center 9 of embodiment 1 shown in Figure 1 . 
[0112] In the prepared first secret-key Ks1 and sec- 
ond secret-key Ks2, the second secret-key Ks2 is also 
previously transferred to the copyright management 
center 14. 

[0113] As the result of the above transfer, the primary 
user information Iu1 corresponding to primary utiliza- 
tion, original copyright information Ic and the second se- 
cret-key Ks2 are stored in the copyright management 
center 14. In this case, the original copyright information 
Ic is used for copyright royalties distribution. 
[01 14] When a primary user who desires data utiliza- 
tion accesses the database 1 from the primary user ter- 
minal 4, a data menu is transferred to him. In this case, 
information for charges may be displayed together with 
the data menu. 

[0115] When the data menu is transferred, the prima- 
ry user retrieves in the data menu to select the data M. 
In this case, the original copyright information Ic of the 
selected data M is transmitted to the copyright manage- 
ment center 14. 

[0116] The original data M0 is read out of the data- 
base 1 in accordance with a request of a primary user. 
The read original data M0 is encrypted by the first se- 
cret-key Ks1: 

CmOksl = E(Ks1 , MO). 

[0117] The encrypted data CmOksl is provided with 
the uncrypted original copyright information Ic. 
[0118] The first secret-key Ks1 is encrypted by the 
first public-key Kb1 and the second secret-key Ks2 is 
encrypted by the second public-key kb2: 

Cks1kb1 =E(Kb1, Ks1) 



Cks2kb2 = E(Kb2, Ks2). 

[0119] While the copyright management program P is 
also encrypted by the second public-key Ks2 

CpKs2 = E(Ks2, P), 
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the copyright management program P must not always 
be encrypted by the second secret-key Ks2 but it may 
be encrypted by any other proper crypt key. 
[0120] The encrypted original data CmOksl , encrypt- 
ed copyright management program Cpks2, and two en- 
crypted secret-keys Cks1kb1 and Cks2kb2 are trans- 
ferred to the primary user terminal 4 via the communi- 
cation network 8, and charged, if necessary. 
[0121] It is possible to store the encrypted copyright 
management program Cpks2 such as in a ROM in the 
user terminal 4 instead of being supplied from the data- 
base 1. 

[0122] The primary user receiving the encrypted orig- 
inal data CmOksl, two encrypted secret-keys Cks1kb1 
and Cks2kb2, and encrypted copyright management 
program Cpks2 from the database 1 decrypts the en- 
crypted first secret-key Cks1kb1 by the database utili- 
zation software using the first private-key Kv1 corre- 
sponding to the first public-key Kb1: 

Ks1 = D(Kv1,Cks1kb1), 

and decrypts the encrypted second secret-key Cks2kb2 
using the second private-key Kv2 corresponding to the 
second public-key Kb2: 

Ks2 = D(Kv2, Cks2kb2). 

[0123] And the primary user decrypts the encrypted 
copyright management program Cp ks2 using the de- 
crypted second secret-key Ks2: 

P = D(Ks2, Cpks2). 

[0124] Finally, the primary user decrypts the encrypt- 
ed data CmOksl by the decrypted copyright manage- 
ment program P usimg the decrypted first secret-key 
Ks1: 

M0 = D(Ks1, CmOksl) 

and uses the decrypted original data MO directly or data 
M1 as edited. 

[0125] As described above, the first private-key Kv1 
and second private-key Kv2 are crypt keys prepared by 
the primary user but not opened to others. Therefore, 
even if a third party obtains the data M, it is impossible 
to use the encrypted data M by decrypting it. 
[0126] Thereafter, to store, copy, or transmit the data 
M as the original data M0 or the edited data M1, it is 
encrypted and decrypted by the second secret-key Ks2: 

Cmks2 = E(Ks2, M) 



M = D(Ks2, Cmks2). 

[0127] The decrypted second secret-key Ks2 is there- 

5 after used as a crypt key for encrypting/decrypting data 
when storing, copying, or transmitting the data. 
[0128] The first private-key Kv1 and second private- 
key Kv2, the first secret-key Ks1 and second secret-key 
Ks2, the data M, the copyright management program P t 

10 the original copyright information Ic, and also the original 
cpyright information Ic and secondary cpyright informa- 
tion Id for information of the primary user and edited 
date and time when edited the data by the primary user 
are stored in the primary user terminal 4. 

*s [0129] Moreover, it is further protected by attaching 
the copyright information Id to the data as copyright in- 
formation label, and adding the digital signature. 
[0130] The encrypted data Cmks2 is encrypted to be 
distributed. Since the copyright information label pro- 

20 vides a clue to obtain the second secret-key Ks2 which 
is the key for decryption, the second secret key Ks2 can- 
not be procured in the case where the copyright infor- 
mation label is removed from the encrypted data 
Cmks2. 

25 [0131] When the encrypted data Cmks2 is stored in 
the primary user terminal 4, the 'second secret-key Ks2 
is stored in the terminal 4. However, when the encrypted 
data Cmks2 is not stored in the primary user terminal 4 
but is copied to the recording medium 11 or transmitted 

30 to the secondary user terminal 5 via the communication 
network 8, the second secret-key Ks2 is disused in order 
to disable subsequent utilization of the data in the pri- 
mary user terminal 4. 

[0132] In this case, it is possible to set a limitation for 
35 repetitions of copying or transmitting of the data so that 
the second secret-key Ks2 is not disused within limited 
repetions of copying and transmitting of the data. 
[0133] A primary user who is going to copy the data 
M to the external recording medium 1 1 or transmit the 
^o data M via the communication network 8 must prepare 
the second secret-key Ks2 to encrypt the data M by this 
second secret-key Ks2 before copying or transmitting 
the data: 

45 Cmks2 = E(Ks2, M). 

[01 34] The uncrypted original copyright information Ic 
and primary-user copyright information Id are added to 

50 the encrypted data Cmks2. 

[0135] Before using a database, a secondary user, 
similar to the primary user, prepares authentication data 
Au2 for authenticating the secondary user, a third public- 
key Kb3 and a third private-key Kv3 corresponding to 

55 the third public-key Kb3, a fourth public-key Kb4, and a 
fourth private-key Kv4 corresponding to the fourth pub- 
lic-key Kb4. 

[0136] A secondary user who desires secondary uti- 
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lization of the copied or transmitred encrypted data 
Cmks2 must designate original data name or number to 
the secondary copyright management center 14 to re- 
quest for secondary utilization to the center 1 4 from the 
secondary user terminal 5 via the communication net- 5 
work 8. In this time, the secondary user also transfers 
the third public-key Kb3 and the fourth public-key Kb4 
as well as the secondary user authentication data Au2, 
original copyright information Ic and primary user copy- 
right information Id. 10 
[01 37] The secondary copyright management center 
14 receiving the secondary utilization request from the 
secondary user confirms the secondary-user authenti- 
cation data Au2, and transfers confirmed secondary-us- 
er authentication data Au2 to the tertiary copyright man- is 
agement center 15 as secondary user information. 
[01 38] When the secondary copyright information Id 
of the primary user is transferred, the secondary copy- 
right information Id is inquired to the secondary copy- 
right center 14, and then, it recognizes the secondary 20 
copyright information Id to be transferred to the tertiary 
copyright management center 15. 
[0139] The secondary copyright management center 
14 prepares a third secret-key Ks3. The third secret-key 
Ks3 can also be prepared by using the key control center 25 
9 shown in embodiment 1. 

[0140] The prepared third secret-key Ks3 is trans- 
ferred to and stored in the tertiary copyright manage- 
ment center 15. 

[0141] As the result of the above transfer, primary us- 30 
er copyright information Id , primary user information 
Iu1, original copyright information Ic, secondary user in- 
formation Iu2, and third secret-key Ks3 are stored in the 
tertiary copyright management center 1 5. The primary 
user copyright information Id, and primary user infor- 35 
mation Iu1 are used for copyright royalties distribution. 
[0142] Hereafter similarly, copyright information for 
secondary exploitation right lcn-1 of (n-1 )-order user, 
primary user information Iu1 , original copyright informa- 
tion Ic, n-order user information lun, and n-th secret-key 40 
Ksn are stored in n-order copyright management center 
16. 

[0143] The primary user information Iu1, original cop- 
yright information !c and second secret-key Ks2 are 
read out of the secondary copyright management center 45 
14, The original copyright information Ic is used for cop- 
yright royalties distribution. 

[0144] The read second secret-key Ks2 and third se- 
cret-key Ks3 are encrypted by the third public-key Kb 3 
and fourth public-key Kb4 of the secondary user respec- so 
tively: 

Cks2kb3 = E(Kb3, Ks2) 



Cks3kb4 = E(Kb4, Ks3). 



[0145] The copyright management program P is en- 
crypted by the third secret-key Ks3 and the third secret- 
key Ks3 is encrypted by the fourth public-key Kb4: 

Cpks3 = E(Ks3, P) 



Cks3kb4 = E(Kb4, Ks3). 

[0146] The encrypted copyright management pro- 
gram Cpks3, encrypted second secret-key Cks2kb3, 
and encrypted third secret-key Cks3kb4 are transferred 
to the secondary user terminal 5 via the communication 
network 8. In this case, charging is performed, if neces- 
sary. 

[0147] The secondary user receiving two encrypted 
secret-keys Cks2kb3 and Cks3kb4 and the encrypted 
copyright management program Cpks3 from the sec- 
ondary copyright management center 14 decrypts the 
encrypted second secret-key Cks2kb3 by the third pri- 
vate-key Kv3, and decrypts the encrypted third secret- 
key Cks3kb4 by the fourth private-key Kv4 correspond- 
ing to the fourth public-key Kb4, using the database uti- 
lization software: 

Ks2 = D(Kv3, Cks2kb3) 



Ks3 = D(Kv4, Cks3kb4). 

[0148] The encrypted copyright management pro- 
gram Cpks3 is decrypted by the decrypted third secret- 
key Ks3: 

P = D(Ks3, Cpks3). 

[0149] Then, the encrypted data Cmks2 is decrypted 
to use it by the decrypted copyright management pro- 
gram P and the decrypted second secret-key Ks2: 

M = D(Ks2, Cmks2). 

[0150] As described above, the third private-key Kv3 
and the fourth private-key Kv4 are prepared by a sec- 
ondary user but not opened to others. Therefore, even 
if a third party obtains the encrypted data Cmks2, it is 
impossible to use the data by decrypting it. 
[0151] In the above described embodiment, the data- 
base 1, secondary copyright management center 14, 
tertiary copyright management center 15, and n-order 
copyright management center 16 are separately ar- 
ranged in order to avoid the congestion of utilization re- 
quests. However, if the congestion of utilization requests 
does not matter, it is possible to combine all or some of 
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these sections into one. 

[Embodiment 5] 

[0152] Figure 3 shows the system structure of embod- 5 
iment 5. In embodiment 5, original data is encrypted and 
supplied one-way from a single database and a user se- 
lects necessary data out of the supplied original data to 
use it. 

[0153] This embodiment uses a secret-key cryptosys- 10 
tern as its crypt key system. 

[0154] In Figure 3, reference numberal 1 represents 
a database in which text data, binary data serving as 
computer graphics display or computer program, digital 
audio data, and digital picture data are stored by being *5 
encrypted, 2 represents a space satellite such as a com- 
munication satellite or a broadcasting satellite, 3 repre- 
sents a data recording medium such as a CD-ROM or 
a flexible disk, 8 represents a communication network 
such as a pubilc telephone line offered y a communica- 20 
tion enterprise or a CATV line offered by a cable televi- 
sion enterprise, and 4 represents a primary user termi- 
nal. And 17 represents a copyright management center 
for managing the copyright on data, and 5, 6, and 7 rep- 
resent a secondary user terminal, tertiary user terminal, 25 
and n-order user terminal respectively. 
[0155] On the above arrangement, the database 1, 
copyright management center 17, primary user terminal 
4, secondary user terminal 5, tertiary user terminal 6 and 
n-order user terminal 7 can be connected each other by 30 
the communication network 8. 
[0156] Each user who uses this system is previously 
entered in the database system, and when entered in 
the system, database utilization software is given to him. 
This software includes a normal communication soft- 35 
ware program such as a data communication protocol. 
[0157] Though the software for using the database 
system can be stored in a hard disk in a user terminal, 
it may be stored in a mask ROM, EPROM, or EEPROM 
built in the user terminal. 40 
[0158] In this system, a secret-key generation algo- 
rithm is stored in a user terminal in order to generate a 
secret-key at the user side. However, because the se- 
cret-key generation algorithm is not always secret, it is 
also possible to store the algorithm in the database uti- 45 
lization software supplied to a user when he enters da- 
tabase utilization in the database system. 
[0159] When original data is supplied free of charge 
because it is provided with advertisement, it may not be 
necessary to be encrypted. Even in this case, however, so 
a procedure for using a copyright is necessary because 
the data is provided with a copyright. 
[0160] In Figure 3, a route shown by a broken line rep- 
resents a path of encrypted data, a route shown by a 
solid line represents a path requested from each user 55 
terminal, and a route shown by a one-dot chain line rep- 
resents a path through which a crypt key corresponding 
to a utilization request is transferred. 



[0161] The original data M0 stored in the database 1 
or the data recording medium 3 is supplied to the prima- 
ry user terminal 4 through a cable transmission via the 
communication network 8, by broadcast waves via the 
satellite 2 or the like, or by recording medium 3, and in 
this time, the data M0 is encrypted by the first secret- 
key Ks1: 

CmOksl =E(Ks1,M0). 

[0162] Similarly to the cases of embodiments 1 to 4, 
to protect the copyright of the original data CmOksl 
which is encrypted to be supplied, when storing, copy- 
ing, or transmitting which is utilization other than display- 
ing or displaying for editing is applied to the original data 
M0 in the primary user terminal 4, the data is encrypted 
by the second secret-key Ks2: 

Cm0ks2 = E(Ks2,M0) 

as disclosed in Japanese Patent Application No. 
64889/1994 which is the prior application by the inventor 
of the present invention et al. and, in the subsequent 
utilization, the original data is encrypted/decrypted by 
the second secret-key Ks2. user obtaining the encrypt- 
ed original data CmOksl designates an 
[0163] A primary user obtaining the encrypted original 
data CmOksl designates an original data name or orig- 
inal data number from the primary user terminal 4 to re- 
quest for the primary utilization of the encrypted original 
data CmOksl to the copyright management center 17. 
[0164] The copyright management center 17 receiv- 
ing the primary utilization request of the encrypted orig- 
inal data CmOksl from the primary user terminal 4 trans- 
fers the copyright management program P to the prima- 
ry user terminal 4 together with the first secret-key Ks1 . 
[0165] The copyright management program P in- 
cludes a crypt program having a cryptgraphic algorithm, 
which generates a secret-key and decrypts or encrypts 
data. 

[0166] The primary user terminal 4 receiving the first 
secret-key Ks1 and the copyright management program 
P decrypts the encrypted original data CmOksl by the 
first secret-key Ks1 using the crypt program 

M0 = D(Ks1, CmOksl) 

and uses the decrypted original data M0 directly or data 
M1 as edited. 

[01 67] The copyright management program P gener- 
ates a second secret-key Ks2 in accordance with the 
first secret-key Ks1 : 

Ks2 = P(Ks1). 
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[01 68] When the data M as the original data MO or the 
edited data M1 is stored in the primary user terminal 4, 
copied to the recording medium 1 1 , or transmitted to the 
secondary user terminal 5, the data is encrypted by the 
second secret-key Ks2 using the copyright manage- 
ment program P: 

Cmks2 = E(Ks2, M). 

[0169] The data Cmks2 encrypted by the second se- 
cret-key Ks2 is copied to the recording medium 11 or 
transmitted to the secondary user terminal 5 via the 
communication network 8 together with the original data 
name or original data number. 
[0170] The secondary user obtaining the encrypted 
data Cmks2 requests for the secondary utilization of the 
encrypted data Cmks2 to the copyright management 
center 17 from the secondary terminal 5 by designating 
the original data name or original data number. 
[0171] The copyright management center 17 receiv- 
ing the secondary utilization request of the encrypted 
data Cmks2 finds out the first secret-key Ks1 in accord- 
ance with the original data name or original data 
number, and generates the second secret-key Ks2 by 
the first secret-key Ks1 using the copyright manage- 
ment program P 

Ks2 = P(Ks1), 

and supplies the generated second secret-key Ks2 to 
the secondary user termina 15 together with the copy- 
right management program P. 

[0172] The secondary user terminal 5 receiving the 
second secret-key Ks2 and the copyright management 
program P decrypts the data Cmks2 encrypted by the 
second secret-key Ks2 by the second secret-key Ks2 

M = D(Ks2, Cmks2) 

and uses the data by displaying or editing it. 
[0173] When the decrypted data M is stored in the 
secondary user terminal 5, stored in the recording me- 
dium 1 2, or transmitted to the tertiary user terminal 6 via 
the communication network 8, the data M is encrypted 
by the second secret-key Ks2 using the copyright man- 
agement program P. 

[0174] Moreover, it is possible to make the copyright 
management program P generate the third secret-key 
Ks3 in accordance with the second secret-key Ks2: 

Ks3 = P(Ks2), 

so that the data M is encrypted by the third secret-key 
Ks3 using the copyright management program P when 



the data M is stored in the secondary user terminal 5, 
copied to the recording medium 1 2, or transmitted to the 
tertiary user terminal 6 via the communication network 
8: 

Cmks3 = E(Ks3, M). 

[Embodiment 6] 

[0175] Then, embodiment 6 is described. Original da- 
ta is encrypted and supplied one-way from a single da- 
tabase to a user and the user selects necessary data 
out of the original data to use it, similarly to the case of 
embodiment 5. 

[0176] This embodiment uses a secret-key cryptosys- 
tem as its crypt key system anda second secret-key is 
generated in accordance with primary user information 
and a first secret-key. 

[0177] Because the system structure of embodiment 
6 is same to that of embodiment 5 shown in Figure 3, 
its description is omitted. 

[0178] In the embodiment 6, the original data M0 
stored in the database 1 is encrypted via the communi- 
cation network 8, by broadcast waves via the sateltite.2, 
or by the recording medium 3 using the first secret-key 
Ks1: 

CmOksl = E(Ks1, M0) 

and supplied to the primary user terminal 4. 
[0179] A primary user obtaining the encrypted original 
data CmOksl requests for primary utilization of the en- 
crypted original data CmOksl from the primary user ter- 
minal 4. In this time, the primary user must designate 
an original data name or original data number and 
present the primary user information Iu1. 
[0180] The copyright management center 17 receiv- 
ing the primary utilization request of the encrypted orig- 
inal data CmOksl from the primary user supplies the first 
secret-key Ks1 and the copyright management program 
P to the primary user terminal 4. 
[0181] The copyright management program P in- 
cludes a crypt program having a cryptographic algo- 
rithm, which generates a secret-key and thus performs 
decryption and encryption. 

[0182] The primary user terminal 4 receiving the first 
secret-key Ks1 and the copyright management program 
P decrypts the encrypted original data CmOksl by the 
first secret-key Ks1 using the crypt program P. 

M0 = D(Ks1, CmOksl) 

and uses the decrypted original data M0 directly or data 
M1 as edited. 

[0183] The supplied copyright management program 
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P generates the second secret-key Ks2 in accordance 
with the primary user information Iu1 or the primary user 
information Iu1 and the first secret-key Ks1 : 

Ks2 = P(lu1)or 



Ks2 P(lu1 + Ks1). 

[0184] Because the generated second secret-key 
Ks2 is based on the primary user information Iu1 ( it is 
impossible to generate the second secret-key Ks2 with- 
out the correct primary user information Iu1 . 
[0185] Furthermore, it is possible to use primary user 
data generated in accordance with the primary user in- 
formation Iu1 or the terminal number of the primary user 
terminal 4 instead of the primary user information Iu1 . 
[0186] When the data M serving as the original data 
MO or edited data M1 is stored in the primary user ter- 
minal 4, copied to the recording medium 11, or supplied 
to the secondary user terminal 5 via the communication 
network 8, the data M is encrypted by the second secret- 
key Ks2 using the copyright management program P: 

Cmks2 = E(Ks2, M). 

[0187] The data Cmks2 encrypted by the second se- 
cret-key Ks2 is copied to the recording medium 11 or 
supplied to the secondary user terminal 5 via the com- 
munication network 8 together with its original data 
name or original data number and the primary user in- 
formation Iu1. 

[0188] A secondary user obtaining the encrypted data 
Cmks2 requests for secondary utilization of the data M 
to the copyright management center 1 7 from the sec- 
ondary user terminal 5. In this time, the user must des- 
ignate the original data name or original data number 
and present the primary user information Iu1, 
[0189] The copyright management center 17 receiv- 
ing the secondary utilization request of the data M finds 
out the first secret-key Ks1 in accordance with the orig- 
inal data name or original data number, generates the 
second secret-key Ks2 in accordance with either of the 
primary user information Iu1 and first secret-key Ks1, or 
both, and supplies the generated second secret-key 
Ks2 to the secondary user terminal 5 together with the 
copyright management program P. 
[0190] The secondary user receiving the second se- 
cret-key Ks2 and the copyright management program P 
decrypts the encrypted data Cmks2 by the second se- 
cret-key Ks2 using the copyright management program 
P and in the secondary user terminal 5 to use it: 

M = D(Ks2, Cmks2). 



[0191] When the data M is stored in the secondary 
user terminal 5, copied to the recording medium 12, or 
supplied to the tertiary user terminal 6 via communica- 
tion network 8, the data is encrypted by the second se- 
5 cret-key Ks2. 

[0192] Moreover, it is possible to make the copyright 
management program P generate the third secret-key 
Ks3 in accordance with the second secret-key Ks2 using 
the copyrignt management program P: 

10 

Ks3 = P(Ks2) 

so that the data M is encrypted by the third secret-key 
15 Ks3 when the data is stored in the secondary user ter- 
minal 5, copied to the recording medium 1 2, or supplied 
to the tertiary user terminal 6 via the communication net- 
work 8. 

[01 93] It is further possible to make the secondary us- 
20 er present the secondary information Iu2 when request- 
ing for secondary utilization to the copyright manage- 
ment center 17 so that the third secret-key Ks3 is gen- 
erated in accordance with the presented secondary user 
information Iu2 . 
25 [0194] In this embodiment 6, if the copyright manage- 
ment program P for generating the second secret-key 
Ks2 can be used in entire database system in common, 
the same second secret-key Ks2 is generated for the 
same original data in any database system as long as, 
30 the primary user information Iu1 or the first secret-key 
Ks1 is not changed. 

[Embodiment 7] 

35 [0195] Then, embodiment 7 is described below. Orig- 
inal data is encrypted and supplied one-way to a user 
from a single database and the user selects necessary 
data out of the original data to use it similarly to the em- 
bodiments 5 and 6. 

40 [0196] In this embodiment, a second secret-key is 
generated in accordance with the use frequency of a 
copyright management program and with a first secret- 
key. 

[0197] This embodiment uses a secret-key cryptosys- 
45 tern. 

[0198] Because the system structure of embodiment 
7 is same to that of embodiments 5 and 6 shown in Fig- 
ure 3, its description is omitted. 
[0199] The original data M0 stored in the database 1 
50 is encrypted by the first secret-key Ks1 via the commu- 
nication network 8 or broadcast waves via the satellite 
2, or by the recording medium 3: 

55 CmOksl =E(Ks1, M0), 

and supplied to the primary user terminal 4. 

[0200] A primary user obtaining the encrypted original 
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data CmOksl requests for primary utilization of the orig- 
inal data MO to the copyright management center 17 
from the primary user terminal 4 by designating an orig- 
inal data name or original data number. 
[0201] The copyright management center 1 7 receiv- 
ing the primary utilization request of the original data MO 
transfers the first secret-key Ks1 and the copyright man- 
agement program P to the primary user terminal 4. 
[0202] The copyright management program P in- 
cludes a crypt program having a cryptographic algo- 
rithm, in which a crypt key is generated and data is de- 
crypted or encrypted. 

[0203] Moreover, a counter is attached to the copy- 
right management program P to count the use frequen- 
cy of the program P. 

[0204] The primary user receiving the first secret-key 
Ks1 and the copyright management program P decrypts 
the encrypted original data CmOksl by the first secret- 
key Ks1 using the copyright management program P: 

M0 = D(Ks1, CmOksl) 

to use the decrypted original data M0 directly or data M1 
as edited. 

[0205] In the case of this system, when the data M 
serving as the original data M0 or edited data M1 is 
stored in the primary user terminal 4, copied to the re- 
cording medium 1 1 , or transmitted to the secondary user 
terminal 5 via the communication network 8 in order to 
manage the copyright of data, the data is encrypted by 
the second secret-key Ks2 using the copyright manage- 
ment program P. The second secret-key Ks2 used for 
this operation is generated in accordance with the use 
frequency N of the copyright management program and 
with the first secret-key Ks1 : 

Ks2 = P(N + Ks1). 

[0206] Because the second secret-key Ks2 thus gen- 
erated is based on the use frequency N of the copyright 
management program P and the first secret-key Ks1, 
the data M is encrypted by the latest second secret-key 
Ks2 whenever it is used: 

Cmks2 = E(Ks2 t M). 

[0207] The data Cmks2 encrypted by the second se- 
cret-key Ks2 generated through the final utilization is 
copied to the recording medium 11 or transmitted to the 
secondary user terminal 5 via the communication net- 
work 8 together with its original data name or original 
data number and counter data N1 . 
[0208] The secondary user obtaining the encrypted 
data Cmks2 presents the original data name or original 
data number and the counter data N1 from the second- 



ary user terminal 5 to request for the secondary utiliza- 
tion of the encrypted data Cmks2 to the copyright man- 
agement center 17. 

[0209] The copyright management center 17 receiv- 
5 ing the secondary utilization request of the encrypted 
data Cmks2 finds out the first secret-key Ks1 in accord- 
ance with the presented original data name or original 
data number, generates the second secret-key Ks2 in 
accordance with the counter data N 1 and the first secret- 
10 key Ks1 , and supplies the second secret-key Ks2 to the 
secondary user terminal 5 together with the copyright 
management program P via the communication network 
8. 

[0210] The secondary user receiving the second se- 
*5 cret-key Ks2 and the copyright management program P 
decrypts the encrypted data Cmks2 by the second se- 
cret-key Ks2 using the copyright management program 
P: 

20 

M = D(Ks2, Cmks2) 

and uses the decrypted data M directly or by editing the 
data M. 

25 [0211] When the data M is stored in the secondary 
user terminal 5 t copied to the recording medium 12, or 
transmitted to the tertiary user terminal 6 via the com- 
munication network 8, the data M is encrypted by the 
second secret-key Ks2 using the copyright manage- 

30 ment program P: 

Cmks2 = E(ks2, M). 

35 [0212] In this case, it is also possible to make the cop- 
yright, management program P generate the third se- 
cret-key Ks3 in accordance with a use frequency N2 of 
the copyright management program P in the secondary 
user terminal 5 and with the secret-key Ks2: 

40 

Ks3 = P(N2 + Ks2). 

[0213] When the data M is stored in the secondary 
45 user terminal 5, copied to the recording medium 12, or 
transmitted to the tertiary user 6 via the communication 
network 8, the data M is encrypted by the third secret- 
key Ks3 using the copyright management program P: 

50 

Cmks3 = E(Ks3, M). 

[Embodiment 8] 

55 [0214] Figure 4 shows the system structure of embod- 
iment 8 of the data copyright management system. In 
this embodiment, original data is supplied one-way to a 
user from a single database in accordance with a re- 



15 



29 



EP 0 704 785 B1 



30 



quest of the user. 

[021 5] This embodiment uses a secret-key cryptosys- 
tem as its cryptosystem in which a second secret-key is 
generated in accordance with a first secret-key. 
[0216] In Figure 4, reference numeral 1 represents a 
database, 4 represents a primary user terminal, 5 rep- 
resents a secondary user terminal, 6 represents a terti- 
ary user terminal, and 7 represents an n-order user ter- 
minal. And 1 8 represents a copyright management cent- 
er and 8 represents a communication network such as 
a pubilc telephone line offered by a communication en- 
terprise or a CATV line offered by a cable television en- 
terprise. 

[0217] In the above arrangement, the database 1, 
copyright management center 18, primary user terminal 
4, secondary user terminal 5, tertiary user terminal 6, 
and n-order user terminal 7 can be connected each oth- 
er by the communication network 8. 
[021 8] Each user who uses this system must previ- 
ously be entered in a database system, and when en- 
tered in the system, database system software is given 
to the user. This software includes a normal communi- 
cation software such as a data communication protocol. 
[0219] The database utilization software can be 
stored in a hard disk of a user terminal, and may be 
stored in a mask ROM, EPROM, or EEPROM buiit in 
the user terminal. 

[0220] In this system, a secret-key generation algo- 
rithm is stored in a user terminal in order to generate a 
secret-key at the user side. However, because the se- 
cret-key generation algorithm is not always secret, it is 
possible to store the algorithm in the database uatiliza- 
tion software given to the user when the user is entered 
in a database system. 

[0221] In case of original data provided with advertise- 
ment supplied to the user free of charge, it may not be 
necessary to encrypt the data. Even in this case, how- 
ever, because the data has a copyright, a procedure for 
using the copyright is necessary. 
[0222] In Figure 4, a route shown by a broken line rep- 
resents a path for encrypted data, a route shown by a 
solid line represents a path requested from each user 
terminal, and a route shown by one-dot chain line rep- 
resents a path through which a key for allowing data uti- 
lization and a copyright management program together 
with a secret-key from the copyright management cent- 
er to secondary and subsequent-order user. 
[0223] In Figure 4, the database 1 stores text data, 
graphics data or binary data, audio data, and picture da- 
ta which are not encrypted. 

[0224] A primary user requests for utilization of the 
original data M0 from the primary user terminal 4 by des- 
ignating an original data name or number to the data- 
base 1 via the communication network 8. 
[0225] The database 1 receiving the utilization re- 
quest of the original data M0 from the primary user ter- 
minal 4 encrypts the original data M0 by the first secret- 
key Ks1: 



CmOksl = E(Ks1, M0) 

and supplies the copyright management program P to 
5 the primary user terminal 4 together with the encrypted 
original data CmOksl and the first secret-key Ks1 . 
[0226] The copyright management program P in- 
cludes a crypt program having a cryptographic algorithm 
which generates a secret-key and decrypts or encrypts 
10 data. 

[0227] Moreover, by making the cryptographic algo- 
rithm depend on the first secret-key Ks1, it is possible 
to make the copyright management program P inherent 
in the original data M0. 
15 [0228] The primary user terminal 4 receiving the first 
secret-key Ks1 and the copyright management program 
P together with the original data CmOksl encrypted by 
the first secret-key Ks1 decrypts the encrypted original 
data CmOksl by the first secret-key Ks1: 

20 

M0 = D(Ks1, CmOksl), 

and uses the decrypted original data M0 directly or data 
25 M1 as edited. 

[0229] And the copyright management program P 
generates the second secret-key Ks2 in accordance 
with the first secret-key Ks1: 

30 

Ks2 = P(Ks1). 

[0230] When the data M as decrypted original data or 
edited data is stored in the primary user terminal 4, cop- 
35 ied to the recording medium 11, or transmitted to the 
secondary user terminal 5 via the communication net- 
work 8, the data M is encrypted by the second secret- 
key Ks2 using the copyright management program P: 

40 

Cmks2 = E(Ks2, M). 

[0231] The encrypted data Cmks2 is copied to the re- 
cording medium 11 or transmitted to the secondary user 
45 terminal 5 via the communication network 8, together 
with its original data name or original data number. 
[0232] A secondary user obtaining the encrypted data 
Cmks2 requests for secondary utilization of the data M 
as original data or edited data to the copyright manage- 
so ment center 18 from the secondary user terminal 5 by 
designating the original data name or number. 
[0233] The secondary copyright management center 
18 receiving the secondary utilization request of the data 
M finds out the first secret-key Ks1 in accordance with 
55 the original data name or original data number to gen- 
erate the second secret-key Ks2 in accordance with the 
first secret-key Ks1 : 
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Ks2 = P(Ks1), 

and supplies the generated second secret-key Ks2 to 
the secondary user terminal 5 together with the copy- s 
right management program P. 
[0234] The secondary user terminal 5 receiving the 
second secret-key Ks2 and the copyright management 
program P decrypts the encrypted data Cmks2 by the 
second secret-key Ks2 using the copyright manage- to 
ment program P: 

M = D(Ks2, Cmks2) 

15 

and uses the decrypted data M directly or by editing it. 
[0235] When the data M is stored in the secondary 
user terminal 5, copied to the recording medium 12, or 
transmitted to the tertiary user terminal 6 via the com- 
munication network 8. 20 
[0236] A third secret-key Ks3 is generated by the cop- 
yright management program P in accordance with the 
second secret-key Ks2: 

Ks3 = P(Ks2) 25 

so that the data M is encrypted by the generated third 
secret-key Ks3 using the copyright management pro- 
gram P: 30 



[0243] In the database 1 receiving the utilization re- 
quest of the original data M0 from the primary user ter- 
minal 4, the original data M0 is read and the read original 
data M0 is encrypted by the first secret-key Ks1: 

CmOksl = E(Ks1 , M0) 

and the copyright management program P is supplied 
to the primary user terminal 4 together with the encrypt- 
ed original data CmOksl and the first secret-key Ks1. 
[0244] The copyright management program P used 
here is common to entire database system, which in- 
cludes a crypt program having a cryptographic algo- 
rithm. A crypt key is generated and data is decrypted or 
encrypted by this crypt program. 
[0245] The primary user terminal 4 receiving the first 
secret-key Ks1 and the copyright management program 
P decrypts the encrypted original data CmOksl by the 
first secret-key Ks1 using the copyright management 
program P: 

M0 = D(Ks1, CmOksl) 

and uses the decrypted original data M0 directly or data 
M1 as edited. 

[0246] The copyright management program P gener- 
ates the second secret-key Ks2 in accordance with a 
primary user information Iu1: 
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Cmks3 = E(Ks3, M). 

[Embodiment 9] 35 

[0237] In the case of embodiment 9 described below, 
original data is supplied to a user from a single database 
in accordance with.a request of the user, similarly to em- 
bodiment 8 in Figure 4. 40 
[0238] This embodiment uses a secret-key cryptosys- 
tem and user data in addition to the first secret-key used 
for embodiment 8 to generate a second secret-key. 
[0239] Because the system structure of this embodi- 
ment is same to that of embodiment 8, its description is 45 
omitted. 

[0240] The database 1 stores the original data M0 
which is not encrypted. 

[0241] When a primary user accesses the database 
1 from the primary user terminal 4, a data menu is trans- so 
ferred to the user. In this case, it is possible to display 
charge information together with the data menu. 
[0242] When the primary user receives the data 
menu, the user retrieves the data menu to select the 
original data M0 and requests for primary utilization of 55 
the original data M0 to the database 1 by designating 
the original data name or the like of the selected original 
data M0. 



Ks2 = P(lu1). 

[0247] The second secret-key Ks2 may be generated 
in accordance with the first secret-key Ks1 or the prima- 
ry user data Iu1 and the first secret-key Ks1 instead of 
the primary user information Iu1 : 

Ks2 = P(Ks1) 



Ks2 = P(Ks1 + Iu1). 

[0248] When the data M serving as the original data 
M0 or edited data M1 is stored in the primary user ter- 
minal 4, copied to the recording medium 11 , or transmit- 
ted to the secondary user terminal 5 via the communi- 
cation network 8, the data M is encrypted by the second 
secret-key Ks2 using the copyright management pro- 
gram P: 

Cmks2 = E(Ks2, M). 

[0249] The data Cmks2 encrypted by the second se- 
cret-key Ks2 is provided with the original data name or 
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original data number and then, copied to the recording 
medium 11 or transmitted to the secondary user terminal 
5 via the communication network 8. 
10250] A secondary user obtaining the data Cmks2 
encrypted by the second secret-key Ks2 requests for s 
secondary utilization of the data M to the copyright man- 
agement center 18 from the secondary user terminal 5. 
In this time, the user designates the original data name 
or original data number and presents the uncrypted pri- 
mary user information Iu1 . 

[0251] The copyright management center 18 receiv- 
ing the secondary utilization request of the data M finds 
out the first secret-key Ks1 in accordance with the des- 
ignated original data name or original data number, gen- 
erates the second secret-key Ks2 in accordance with 
the presented primary user information Iu1 and the 
found-out first secret-key Ks1 by the copyright manage- 
ment program P, and supplies the key Ks2 to the sec- 
ondary user terminal 5 together with the copyright man- 
agement program P. 

[0252] The secondary user obtaining the second se- 
cret-key Ks2 and the copyright management program P 
decrypts the encrypted data Cmks2 by the second se- 
cret-key Ks2 using the copyright management program 
P in the secondary user terminal 5: 

M = D(Ks2, Cmks2) 

and uses the decrypted data M directly or by editing the 
data. 

[0253] When the data M is stored in the secondary 
user terminal 5, copied to the recording medium 12, or 
transmitted to the tertiary user terminal 6 via the com- 
munication network 8, the data M is encrypted by the 
second secret-key Ks2 using the copyright manage- 
ment program P: 

Cmks2 = E(Ks2, M). 

[0254] In this case, it is also possible to make the cop- 
yright management program P generate the third se- 
cret-key Ks3 in accordance with the primary user infor- 
mation Iu1, second secret-key Ks2, or primary user in- 
formation Iu1 and the second secret-key Ks2, 

Ks3 = P(lu1) 



Ks3 = P(lu1+Ks1) 



Ks3 = P(Ks1). 

[0255] It is also possible to make the secondary user 
present the secondary user information Iu2 when re- 



questing for secondary utilization so that the third se- 
cret-key is generated in accordance with the secondary 
user information Iu2 instead of the primary user infor- 
mation Iu1 . 

[0256] The data M is encrypted by the third secret-key 
Ks3 using the copyright management program P: 

Cmks = E(Ks3, M). 

[0257] In this embodiment, the copyright manage- 
ment program P for generating the second secret-key 
Ks2 is common to any database. Therefore, in any da- 
tabase, the same second secret-key Ks2 is generated 
for the same original data as long as the primary user 
data Iu1 and the first secret-key Ks1 are not changed. 

[Embodiment 10] 

[0258] In the case of embodiment 1 0 described below, 
original data is supplied to a user from a single database 
in accordance with a request of the user similarly to the 
case of embodiment 8. 

[0259] This embodiment uses a secret-key cryptosys- 
tem. 

[0260] This embodiment uses the use frequency of a 
copyright management program instead of user infor- 
mation adopted for generating a second secret-key in 
embodiment 9. 

[0261] Because the system structure of this embodi- 
ment is same to that of embodiment 8, its description is 
omitted. 

[0262] The database 1 stores original data M0 which 
is not encrypted. 

[0263] When a primary user accesses the database 
1 from the primary user terminal 4, a data menu is trans- 
ferred to the user. In this time, charge information may 
be displayed together with the data menu. 
[0264] When the primary user receives the data 
menu, the user retrieves the data menu to select the 
original data M0 and requests for the primary utilization 
of the original data M0 to the database 1 by designating 
an original data name or the like via communication net- 
work 8 from the primary user terminal 4. 
[0265] The database 1 receiving the data utilization 
request from a primary user encrypts the original data 
M0 by a first secret-key Ks1 

CmOksl =E(Ks1,M0) 

and supplies the copyright management program P to 
the primary user terminal 4 together with the encrypted 
data CmOksl and the first secret-key Ks1. 
[0266] The copyright management program P in- 
cludes a crypt program having a cryptographic algo- 
rithm, which generates a crypt key and decrypts or en- 
crypts data. 
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[0267] Moreover, a counter is attached to the copy- 
right management program P to count the use frequen- 
cy N of the program P or the number of use times of 
original data. 

(0268] Furthermore, by making the cryptographic al- 5 
gorithm depend on the first secret-key Ks1 , it is possible 
to make the copyright management program P inherent 
in the original data. 

[0269] The primary user receiving the first secret-key 
Ks1 and the copyright management program P decrypts 10 
the encrypted original data CmOksl by the first secret- 
key Ks1 using the copyright management program P 

MO = D(Ks1, CmOksl) 15 

and uses the decrypted original data MO directly or data 
M1 as edited. 

[0270] To protect the copyright of data, when the data 
M as the original data M0 or edited data M1 is stored in 20 
the primary user terminal 4, copied to the recording me- 
dium 11, or transmitted to the secondary user terminal 
5 via the communication network 8 ( the data M is en- 
crypted by the copyright management program P. In oth- 
er words, a copyright management program always 25 
runs whenever these types of utilization are performed. 
[0271] When the supplied copyright management 
program P is used, the counter in the program performs 
counting and the copyright management program P 
generates the second secret-key Ks2 in accordance 30 
with the counted value N and the first secret-key Ks1 : 

Ks2 = P(N + Ks2). 

35 

[0272] Because the second secret-key Ks2 is based 
on the use frequency N of the copyright management 
program P, the data M is encrypted by the new second 
secret-key Ks2 whenever the data is used: 

40 

Cmks2 = E(Ks2, M). 

[0273] The data Cmks2 encrypted by the finally gen- 
erated second secret-key Ks2 is copied to the recording 45 
medium 11 or transmitted to the secondary user terminal 
5 via the communication network 8 together with the 
original data name or original data number, the primary 
user information Iu1 and the counter data N. ~ 
[0274] A secondary user obtaining the data Cmks2 so 
encrypted by the second secret-key Ks2 presents the 
original data name or original data number, primary user 
information Iu1, and counter data N to request for sec- 
ondary utilization of the data M to the copyright manage- 
ment center 18. 55 
[0275] The copyright management center 18 receiv- 
ing the secondary utilization request of the encrypted 
data Cmks2 finds out the first secret-key Ks1 in accord- 



ance with the original data name or original data number 
of the data, generates a second secret-key Ks2 accord- 
ing to the first secret-key Ks1 , and the presented primary 
user information Iu1 and the counter data N, and trans- 
fers the generated second secret-key Ks2 to the sec- 
ondary user terminal 5 together with the copyright man- 
agement program P. 

[0276] The secondary user terminal 5 receiving the 
second secret-key Ks2 and the copyright management 
program P decrypts the encrypted data Cmks2 by the 
second secret-key Ks2 using the copyright manage- 
ment program P 

M = D(Ks2, Cmks2) 

and uses the decrypted data M directly or by editing the 
data. 

[0277] When the data is stored in the secondary user 
terminal 5, copied to the recording medium 12, or trans- 
mitted to the tertiary user terminal 6 via the communi- 
cation network 8, the data is encrypted by the second 
secret-key using the copyright management program P. 
[0278] Moreover, it is possible that the copyright man- 
agement program generates a third secret-key in ac- 
cordance with the second secret-key. 
[0279] Above-mentioned embodiments 1 to 10 are 
described about a case of using a single original data 
supplied from a database. However, one of the data uti- 
lization, editing includes not only a case of editing a sin- 
gle data but also a case of producing new data by com- 
bining a plurality of original data obtained from the same 
database and a case of producing new data by combin- 
ing a plurality of original data obtained from a plurality 
of databases. 

[Embodiment 11] 

[0280] Embodiment 11 to be described below is an 
embodiment in which a primary user produces new data 
by combining a plurality of original data stored in a single 
database. That is, the primary user produces new data 
by using first, second, and third original data stored in 
the database. 

[0281] In this embodiment, a plurality of original data 
are supplied to a user from a single database in re- 
sponse to a request of the user similarly to the case of 
embodiment 8 shown in Figure 4. 
[0282] This embodiment uses a secret-key cryptosys- 
tem. 

[0283] Because the system structure of this embodi- 
ment is same to that of embodiment 8, its description is 
omitted. 

[0284] The database 1 stores original data M01 , M02 
and M03 which are not encrypted. 
[0285] When the primary user accesses the database 
1 from the primary user terminal 4, a data menu is trans- 
ferred to the user. In this time, charge information may 
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be displayed together with the data menu. 
[0286] When the primary user receives the data 
menu, the user retrieves the data menu to select the 
original data M01 , M02 and M03 and requests for supply 
of the data M01 , M02 and M03 to the database 1 via the 5 
communication network 8 by designating original data 
names or original data numbers of the first, second and 
third original data M01 , M02 and M03, and also presents 
the primary user information Iu1. 

[0287] The database 1 receiving the supply request *o 
of the first, second and'third original data M01 , M02 and 
M03 from the primary user encrypts the first, second and 
third original data M01 , M02 and M03 by first, second 
and third secret-keys Ks01 , Ks02 and Ks03 respective- 
ly: is 

Cm01ks01 = E(Ks01,M01} 



Cm02ks02 = E(Ks02, M02) 
Cm03ks03 = E(Ks03, M03) 

25 

and supplies the first, second and third secret-keys 
Ks01, Ks02 and Ks03 and the copyright management 
program P common to entire database and all original 
data to the primary user terminal 4. 
[0288] The copyright management program P in- 30 
cudes a crypt program having a cryptographic algo- 
rithm, which generates a crypt key and decrypts or en- 
crypts data. 

[0289] The primary user terminal 4 receiving the first 
encrypted original data Cm01ks01, second encrypted 35 
original data Cm02ks02, third encrypted original data 
Cm03ks03, first secret-key Ks01, second secret-key 
Ks02, third secret-key Ks03, and copyright manage- 
ment program P decrypts the first, second and third en- 
crypted original data Cm01ks01, Cm02ks02 and *o 
Cm03ks03 by the secret-keys Ks01 , Ks02, and Ks03 us- 
ing the copyright management program P 

M01 =D(Ks01,Cm01ks01) 



M02 = D(Ks02, Cm02ks02) 



M03 = D(Ks03, Cm03ks03). 

and produces new data M1 edited from the original data 
M01.M02 and M03. 

[0290] The copyright management program P pro- 55 
duces a fourth secret-key Ks4 in accordance with one 
or some of the first secret-key Ks01 , second secret-key 
Ks2, third secret-key Ks3, and primary user data Iu1: 



Ks4 = P(Ks01/Ks02/Ks03/lu1). 

[0291] When the edited data M1 is stored in the pri- 
mary user terminal 4, copied to the recording medium 
11, or transmitted to the secondary user terminal 5 via 
the communication network 8, the data is encrypted by 
the fourth secret-key Ks4 using the copyright manage- 
ment program P: 

Cm1ks4 = E(Ks4, M1). 

[0292] The encrypted edited data Cm1ks4 is copied 
to the recording medium 11 or transmitted to the sec- 
ondary user terminal 5 via the communication network 
8, together with original data names or original data 
numbers and the primary user data Iu1 . 
[0293] A secondary user obtaining the encrypted ed- 
ited data Cm1ks4 requests for secondary utilization of 
the data Cm1ks4 to the copyright management center 
18 from the secondary user terminal 5. In this time, the 
user designates data names or data numbers of the 
original data M01 , M02 and M03 and presents the pri- 
mary user information Iu1 . 

[0294] The copyright management center 18 receiv- 
ing the secondary utilization request of the encrypted 
edited data Cm1ks4 from the secondary user finds out 
the first secret-key Ks01 in accordance with the data 
name or data number of the first original data M01 , the 
second secret-key Ks02 in accordance with the data 
name or number of the second original data M02, and 
the third secret-key Ks03 in accordance with the data 
name or number of the third original data M03: gener- 
ates fourth secret-key Ks4 by one or some of the found- 
out first secret-key Ks01 , second secret-key Ks02, third 
secret-key Ks03 and primary user information Iu1 using 
common copyright management program P 

Ks4 = P(KsO1/Ks02/KsO3/lu1); 

and supplies the fourth secret-key Ks4 to the secondary 
user terminal 5 together with the common copyright 
management program P. 

[0295] The secondary user receiving the fourth se- 
cret-key Ks4 and the common copyright management 
program P decrypts the encrypted edited data Cm1ks4 
by the fourth secret-key Ks4 using the copyright man- 
agement program P 

M1 =D(Ks4, Cm1ks4) 

and uses the decrypted edited data M1 directly or data 
M2 as edited. 

[0296] When the edited data M1 or re-edited data M2 
is stored in the secondary user terminal 5, copied to the 
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recording medium 12 or transmitted to a tertiary user 
terminal 6 via the communication network 8, a fifth se- 
cret-key Ks5 is generated in accordance with the fourth 
secret-key Ks4 by the copyright management program 
P, and the data is encrypted by the fifth secret-key Ks5 
using the copyright management program P: 

Cm1ks5 = E(Ks5, Cm1) 



Cm2ks5 = E(Ks5, Cm2). 

[0297] Moreover, it is possible to make the common 
copyright management program P generate a fifth se- 
cret-key Ks5 by the fourth secret-key Ks4 for subse- 
quent encryption or decryption by the generated fifth se- 
cret-key Ks5. 

[0298] In this embodiment, a copyright management 
program for generating a fourth secret-key is common 
to any database. Therefore, in any database, the same 
fourth secret-key is generated for the same original data 
as long as primary user data and a first secret-key are 
not changed. 

[0299] While the common copyright management 
program of this embodiment is supplied from the copy- 
right management center 18, it may be stored in a ROM 
in each user terminal or in software for using a database. 

[Embodiment 12] 

[0300] Embodiment 1 2 described below is an embod- 
iment in which new data is produceed by combining a 
plurality of original data supplied from a plurality of da- 
tabases in response to a user's request. This embodi- 
ment uses a secret-key cryptosystem. 
[0301] In Figure 5, reference numerals 19, 20, and 21 
represent first, second and third databases storing text 
data, binary data as a computer graphics display or 
computer program, and audio data or picture data, 4 
represents a primary user terminal, 5 represents a sec- 
ondary user terminal, 6 represents a tertiary user termi- 
nal, 7 represents an n-order user terminal, 10 repre- 
sents a copyright management center for managing da- 
ta copyrights, and 8 represents a communication net- 
work such as a public telephone line offered by a com- 
munication enterprise or a CATV line offered by a cable 
television enterprise. 

[0302] In the above arrangement, the first, second 
and third databases 19, 20 and 21, copyright manage- 
ment center 10, primary user terminal 4, secondary user 
terminal 5, tertiary user terminal 6, and n-order user ter- 
minal 7 can be connected each other by the communi- 
cation network 8. 

[0303] Each user who desires to use this system must 
previously be entered in each database system, and 
when entered in the database system, database utiliza- 
tion software is supplied to the user. The software in- 



cludes a normal communication software program such 
as a data communication protocol. 
[0304] The database utilization software can be 
stored in a hard disk of a user terminal, and also may 
5 be stored in a mask ROM, EPROM, or EEPROM built 
in the user terminal. 

[0305] In this system, a crypt key generation algorithm 
. is stored in a user terminal in order to generate a secret- 
key at the user side. However, because the crypt key 
10 generation algorithm is not necessarily secret, it is pos- 
sible to store the algorithm in each database utilization 
software. 

[0306] In case of original data provided with advertise- 
ment supplied to the user free of charge, it may not be 

15 necessary to encrypt the data. Even in this case, how- 
ever, because the data has a copyright, a procedure for 
using the copyright is necessary. 
[0307] In this drawing, a route shown by a broken line 
represents a path for encrypted data, a route shown by 

20 a solid line represents a path of requests from each user 
terminal to each database and copyright management 
center, and route shown by a one-dot chain line repre- 
sents a path through which permit information corre- 
sponding to utilization requests, a copyright manage- 

25 ment program, and a crypt key are transferred from each 
database and copyright management center to each us- 
er terminal. 

[0308] This embodiment uses a secret-key and a cop- 
yright management program which are different for each 

30 original data and are previously stored in each database 
and the copyright management center, 
[0309] The first database 19 stores the first original 
data M1 which is not encrypted. When a primary user 
accesses the first database 19 from the first user termi- 

35 nal 4, a data menu is transferred to the user. 

[0310] When the primary user receives the data 
menu, the user retrieves the data menu to select the first 
original data M1 and requests for supply of the first orig- 
inal data M1 to the first database 19 via the communi- 

40 cation network 8 from the primary user terminal 4 by 
designating an original data name or original data 
number. In this time, the user presents the primary user 
information Iu1. 

[0311] The first database 19 receiving the utilization 
45 request of the fi rst original data M1 from the primary user 
encrypts the requested first original data M1 by first se- 
cret-key Ks1 

50 Cm1ks1 =E(Ks1,M1) 

and supplies the encrypted data to the primary user ter- 
minal 4. 

[0312] The second database 20 stores the second 
55 original data M2 which is not encrypted. When the pri- 
mary user accesses the second database 20 from the 
primary user terminal 4, a data menu is transferred to 
the user. 
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[0313] When the primary user receives the data 
menu, the user retrieves the data menu to select the 
second original data M2 and requests for supply of the 
second original data M2 to the second database 20 via 
the communication network 8 from the primary user ter- 5 
minal 4 by designating an original data name or original 
data number. In this time, the user presents the primary 
user information Iu1 . 

[0314] The second database 20 receiving the utiliza- 
tion request of the second original data M2 from the pri- 
mary user encrypts the requested second original data 
M2 by second secret-key Ks2 

Cm2ks2 = E(Ks2, M2) 

and supplies the encrypted data to the primary user ter- 
minal 4. 

[0315] The third database 21 stores the third original 
data M3 which is not encrypted. When the primary user 
accesses the third database 21 from the primary user 
terminal 4, a data menu is transferred to the user. 
[0316] When the primary user receives the data 
menu, the user retrieves the data menu to select the 
third original data M3 and requests for supply of the third 
original data M3 to the third database 21 via the com- 
munication network 8 from the primary user terminal 4 
by designating an original data name or original data 
number. In this time, the user presents the primary user 
information Iu1. 

[0317] The third database 21 receiving the utilization 
request of the third original data M3 from the primary 
user encrypts the requested third original data M3 by 
the third secret-key Ks3 

Cm3ks3 = E(ks3, M3) 



[0320] These copyright management programs P1, 
P2 and P3 include a crypt program having a crypto- 
graphic algorithm respectively, which generates new se- 
cret-keys and decrypts or encrypts data. 
[0321] Moreover, by making these cryptographic al- 
gorithms depend on the first, second and third secret- 
keys Ks1, Ks2 and Ks3 respectively, it is possible to 
make the first, second and third copyright management 
programs P1 , P2 and P3 inherent in the first, second 
and third original data M1 ( M2 and M3 respectively. 
[0322] The primary user terminal 4 receiving the first, 
second and third secret-keys Ks1, Ks2 and Ks3 de- 
crypts the first, second and third original data Cm1ks1 , 
Cm2ks2 and Cm3ks3 encrypted by these secret-keys: 

M1 =D(Ks1,Cm1ks1) 



M2 = D(Ks2, Cm2ks2) 



M3 = D(Ks3, Cm3ks3), 

and uses the decrypted original data M1, M2, and M3 
directly or by editing them. 

[0323] And the first copyright management program 
P1 generates fourth secret-key Ks4 in accordance with 
the first secret-key Ks1 , the second copyright manage- 
ment program P2 generates fifth secret-key Ks5 in ac- 
cordance with the second secret-key Ks2, and the third 
copyright management program P3 generates sixth se- 
cret-key Ks6 in accordance with the third secret-key 
Ks3: 

Ks4 = P1(Ks1) 
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and supplies the encrypted data to the primary user ter- 
minal 4: 

[0318] The primary user receiving the first, second, 
and third encrypted original data Cm1ks1, Cm2ks2 and 
Cm3ks3 requests for primary utilization of the first, sec- 
ond, and third encrypted original data Cm1ks1, Cm2ks2 
and Cm3ks3 to the copyright management center 10 via 
the communication network 8 from the primary user ter- 
minal 4 by designating original data names or numbers. 
[0319] The copyright management center 10 receiv- 
ing the primary utilization request of the first, second and 
third encrypted original data Cm1ks1, Cm2ks2 and 
Cm3ks3 from the primary user supplies a first copyright 
management program P1 , a second copyright manage- 
ment program P2, and a third copyright management 
program P3 to the primary user terminal 4 together with 
the first secret-key Ks1 as a crypt key of the first original 
data M1, the second secret-key Ks2 as a crypt key of 
the second original data M2, and the third secret-key 
Ks3 as a crypt key of the third original data M3. 



Ks5 = P2(Ks2) 



Ks6 = P3(Ks3). 

45 [0324] When the original data M1 , M2 and M3 or ed- 
ited data M4, M5 and M6 are stored in the primary user 
terminal 4, copied to the recording medium 11 , or trans- 
mitted to the secondary user terminal s via the commu- 
nication network 8; the first original data M1 or edited 

so data M4 is encrypted by the fourth secret-key Ks4 using 
the first copyright management program P1 , the second 
original data M2 or edited data MS is encrypted by the 
fifth secret-key KsS using the second copyrightmanage- 
ment program P2, and the third original data M3 or ed- 

55 ited data M6 is encrypted by the sixth secret-key Ks6 
using the third copyright management program P3: 
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Cm1ks4 = E(Ks4,M1) 



Cm2ks5 = E(Ks5, M2) 



Cm3ks6 = E(Ks6, M3) 



Cm4ks4 = E(Ks4, M4) 
Cm5ks5 = E(Ks5, M5) ; 

15 

Cm6ks6 = E(Ks6, M6). 

10325] The original data Cm1ks4, Cm2ks5 and 
Cm3ks6 or edited data Cm4ks4, Cm5ks5 and Cm6ks6 20 
encrypted by the fourth, fifth and sixth secret-keys Ks4, 
Ks5 and Ks6 are copied to the recording medium 11 or 
transmitted to the secondary user terminal 5 via the 
communication network 8 together with the first, second 
and third original data names or original data numbers 25 
and the primary user data Iu1. 

[0326] For the secondary user terminal 5 receiving the 
first, second and third encrypted original data Cm1ks4, 
Cm2ks5 and Cm3ks6 or the encrypted edited data 
Cm4ks4, Cm5ks5 and Cm6ks6, secondary utilization of 30 
the first, second and third original data M1 t M2 and M3 
or edited data M4, M5 and M6 is requested to the cop- 
yright management center 1 0 by designating the original 
data names or original data numbers. 
[0327] The copyright management center 10 receiv- 35 
ing the secondary utilization request of the first, second 
and third original data M 1 , M2 and M3 or the edited data 
M4, M5 and M6 from the secondary user terminal 5 finds 
out the first secret - key Ks1 and the first copyright man- 
agement program P1 in accordance with the first original 40 
data name or number, the second secret-key Ks2 and 
the second copyright management program P2 in ac- 
cordance with the second original data name or number 
and the third secret-key Ks3 and the third copyright 
management program P3 in accordance with the third 45 
original data name or number; in which the first copyright 
management program P1 generates the fourth secret- 
key Ks4 from the first secret-key Ks1, the second cop- 
yright management program P2 generates the fifth se- 
cret-key Ks5 from the second secret-key Ks2 and the so 
third copyright management program P3 generates the 
sixth secret-key Ks6 from the third secret-key Ks3 

Ks4 = P1(Ks1) 



Ks5 = P2(Ks2) 



Ks6 = P3(Ks3); 

and supplies these secret-keys to the secondary user 
terminal 5 together with the first, second and third cop- 
yright management programs P1, P2 and P3. 
[0328] In the secondary user terminal 5 receiving the 
fourth, fifth and sixth secret-keys Ks4, Ks5 and Ks6 and 
the first, second and third copyright management pro- 
grams P1 , P2 and P3, the encrypted first original data 
Cm1ks4 or edited data Cm4ks4 is decrypted by the 
fourth secret-key Ks4 using the first copyright manage- 
ment program P1, the encrypted second original data 
Cm2ks5 or edited data Cm5ks5 is decrypted by the fifth 
secret-key Ks5 using the second copyright manage- 
ment program P2, and the encrypted third original data 
Cm3ks6 or edited data Cm6ks6 is decrypted by the sixth 
secret-key Ks6 using the third copyright management 
program P3 

M4 = D(Ks4, Cmks4) 



M5 = D(Ks5, Cm5ks5) 



M6 = D(Ks6, Cm6ks6), 

and the decrypted data M4, M5 and M6 are used directly 
or by editing them. 

[0329] When the first, second and third original data 
M1 , M2 and M3 or edited data M4, M5 and M6 are stored 
in the secondary user terminal 5, copied to the recording 
medium 12, or transmitted to the tertiary user terminal 
6 via the communication network 8, the first original data 
M1 or edited data M4 is encrypted by the fourth secret- 
key Ks4 using the first copyright management program 
P1 , the second original data M02 or edited data M5 is 
encrypted by the fifth secret-key Ks5 using the second 
copyright management program P2, and the third orig- 
inal data M3or edited data M6 is encrypted by the sixth 
secret-key Ks6 using the third copyright management 
program P3. 

[0330] In this case, it is also possible to make the first 
copyright management prograrti P! generate a seventh 
secret-key Ks7 in accordance with the fourth secret-key 
Ks4, the second copyright management program P2 
generate an eighth secret-key Ks8 in accordance with 
the fifth secret-key Ks5 and the third copyright manage- 
ment program P3 generate a ninth secret-key Ks9 in ac- 
cordance with the sixth secret-key Ks6: 

Ks7 = P1(Ks4) 



Ks8 = P2(Ks5) 
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Ks9 = P3(Ks6) 

and when the first, second and third original data M1, 
M2 and M3 or edited data M4, M5 and M6 are stored in 
the secondary user terminal 5, copied to the recording 
medium 12, or transmitted to the tertiary user terminal 
6 via the communication network 8, the first, second and 
third copyright management programs P1 , P2 and P3 
encrypt the first, second and third original data M1, M2 
and M3 or the edited data M4, M5 and M6 by the sev- 
enth, eighth and ninth secret-keys Ks7, Ks8 and Ks9: 

Cm1ks7 = E(Ks7, M1) 



Cm2ks8 = E(Ks9, M2) 



Cm3ks9 = E(Ks9, M3) 



Cm4ks7 = E(Ks7, M4) 



Cm5ks8 = E{Ks8, M5) 



Cm6ks9 = E(Ks9, M6) 
[Embodiment 13] 

[0331] Embodiment 1 3 described below is an embod- 
iment in which new data is produced by using a plurality 
of original data supplied from a plurality of data bases 
in response to a user's request similarly to embodiment 
12. This embodiment uses a secret-key cryptosystem. 
[0332] The use frequency of copyright management 
programs is further used to generate a crypt key for en- 
cryption/decryption similarly to the cases of embodi- 
ments 7 and 11. 

[0333] In this embodiment, a counter is attached to a 
copyright management program, which counts the serv- 
ice frequency of the program or the number of times of 
using original data and the fourth, fifth and sixth secret- 
keys Ks4 t Ks5 and Ks6 are generated by the counter 
value N. 

[0334] A secondary user presents the counter value 
N together with the original data name or original data 
number of each original data and primary user data to 
request for secondary utilization of data to the copyright 
management center 10. 

[0335] The copyright management center 10 receiv- 
ing the secondary utilization request of data finds out 
the first, second and third secret-keys Ks1 , Ks2 and Ks3 
in accordance with the original data names or original 
data numbers, generates fourth, fifth and sixth secret- 



keys Ks4, Ks5 and Ks6 by the first, second and third 
secret-keys Ks1 , Ks2 and Ks3 for each data, the primary 
user information Iu1 and the first, second and third coun- 
ter values N1 t N2 and N3 using the first, second and 
5 third copyright management programs P1 , P2 and P3; 
and supplies the generated fourth, fifth and sixth secret- 
keys Ks4, Ks5 and Ks6 to secondary user together with 
the fourth, fifth and sixth copyright management pro- 
grams P1, P2 and P3. 
10 [0336] Because the system structure of embodiment 
13 is same to that of embodiment 12 except the above 
point, its detailed description is omitted. 

[Embodiment 14] 

[0337] When a copy of original data obtained by a pri- 
mary user is directly supplied to a secondary user, a cop- 
yright of the primary user is not effected on the data be- 
cause the data is not provided with any value. However, 
when new data is produced from obtained original data, 
that is, when new data is produced from obtained single 
original data or from a plurality of obtained original data, 
a secondary copyright of the primary user; i.e., second- 
ary exploitation right in editing the data is effected on 
the new data. 

[0338] Because the copyright of the original copyright 
owner also exists in the original data used for editing 
data, the original copyright of the original data of an au- 
thor and the secondary copyright of the primary user 
who has edited data exist in the edited data. 
[0339] As a copyright is not a mere real right but a 
right having essential element of a personal right, au- 
thors strongly insist on the existence of the copyright in 
many cases. Therefore, even when original data is ed- 
ited, it is preferable that the original data or its copyright 
owner can easily be specified from the edited data. 
[0340] In the data copyright management systems 
described in embodiments 1 to 1 3, the copyrights of data 
are managed by encrypting original data or edited data. 
For these systems, however, the copyright of data is 
managed without identifying] original data or edited da- 
ta, in the whole data or separating an original data part 
from an edited data part in the whole edited data. There- 
fore, it is impossible to specify original data or owner out 
of edited data. 

[0341] In embodiment 14 described below makes it 
possible to separate original data in which only the orig- 
inal copyright exists from edited data in which a second- 
ary exploitation right also exists in addition to the original 
copyright, and moreover clearly manage the original 
copyright and the secondary exploitation right. 
[0342] Because data is edited by using a program for 
edition and thereby altering original data, edited data 
can be reproduced as the original data and edit contents 
(further, the program for edition when necessary) are 
specified. In other words, unless the original data and 
the edit contents (further, the program for edition when 
necessary) are specified, it is impossible to reproduce 



20 



25 



30 



35 



40 



45 



50 



24 



47 



EP0 704 785 B1 



48 



the edited data. 

[0343] In embodiment 14, the secondary exploitation 
right described is managed by specifying original data 
and edit contents (further, a program for edition when 
necessary) and managing them. 
[0344] To produce new data from single original data, 
there are a case in which edited data [A*] is obtained by 
altering original data A, a case in which edited data 
[A+X] is obtained by adding data X to the original data 
A by a primary user; 

a case in which edited data [A"] is obtained by dividing 
the original data A into original data elements A1, A2, 
A3,... and changing the arrangement of the elements to 
such as A3, A2 and A1; and a case in which edited data 
[A1+X1+A2+X2+ A3+X3...] is obtained by dividing the 

original data A into original data elements A1 , A2, A3 

also dividing the data X of the primary user into X1 , X2, 
X3 t ... and arranging these elements. 
[0345] In these cases, alteration of original data, 
change of original data arrangement, combination of the 
original data with primary user data, and division of the 
original data and combination of it with the primary user 
data can respectively be provided with a secondary ex- 
ploitaion right, which is necessary to be protected. The 
original copyright of the primary user, of course, exists 
in the data X added by the primary user. 
[0346] To produce new data by combining a plurality 
of original data, there are a case in which edited data 
[A+B+C...] is obtained by simply combining original data 
A, B t C,.,.; a case in which edited data such as [A+X] is 
obtained by adding data X to the original data A, B, C, 
a case in which edited data [A1 +B1+C1+... 
+A2+B2+C2+...+A3+B3+C3+...] is obtained by dividing 
the original data A, B, C,... into original data elements 
A1, A2, A3 B1, B2, B3,..., and C1, C2, C3 com- 
bining them, and changing their arrangements; and a 
case in which edited data [A1+B1+C1+X1+... 
+A2+B2+C2+X2+...+A3+B3+C3+X3+...] is obtained by 
dividing the original data A, B, C,... into original data el- 
ements A1 , A2, A3 B1 , B2, B3 and C1 , C2, C3,..., 

combining the elements with primary user data X1, X2, 
X3 t ..., and changing their arrangements. - 
[0347] Also in these cases, combination of a plurality 
of original data, combination of a plurality of original data 
with primary user data, division of a plurality of original 
data and change of the arrangements, and combination 
of a plurality of divided original data with the primary user 
data can respectively be provided with a secondary ex- 
ploitation right, which is necessary to be protected. Also, 
the original copyright of the primary user, of course, ex- 
ists in the data X1 , X2, X3,... added by the primary user. 
[0348] Figure 6 shows an example for producing new 
data D by using a plurality of original data A, B and C. 
This method is known as the cut-and-paste technique 
in which data is edited by extracting (cutting out) ele- 
ments "a", "b" and "c" from original data A, B and C and 
attaching (pasting) the extracted elements "a", "b" and 
"c" to form a piece of data D. 



[0349] While it is clear that original data and primary 
user data are data, the editing process: alteration of orig- 
inal data, arrangement change of original data, combi- 
nation of original data with primary user data, division of 

5 original data and combination with primary user data, 
combination of a plurality of original data each other, 
combination of a plurality of original data with primary 
user data, division and arrangement change of a plural- 
ity of original data, and combination of a plurality of di- 

10 vided original data with primary user data, are also data. 
[0350] In the above described embodiments 1 to 13, 
the copyright of data are managed by encrypting original 
data or edited data. Moreover, when noticing that editing 
process of data, such as arrangement of original data 

is and process of editing, is also data, the secondary ex- 
ploitation right on edited data can be protected by man- 
aging the primary copyright of the author on the original 
data and secondary copyright of the primary user about 
editing process data. 

20 [0351] Editing process data or program for edition 
may be called as scenario. 

[0352] That is, it is possible to ensure to manage the 
copyrights of edited data as well as of original data, if 
the edited data is constituted with original data, primary 

25 user data and editing process data, and thus, these orig- 
inal data, primary user data and editing process data 
are managed by the data copyright management sys- 
tem described in embodiments 1 to 13. 
[0353] In this case, a program for edition used for ed- 

30 jtng data may be managed by the data copyright man- 
agement system, if necessary. 
[0354] While the above data edition of original data 
can be performed by using a program for edition corre- 
sponding to the original data, by handling the original 

35 data as object-oriented software which has recently 
been focused on, it is possible to facilitate further editing 
of data and manage more preferably copyrights of data. 
[0355] Moreover, by adopting agent-oriented soft- 
ware, a user can synthesize data with little labor. 

40 [0356] The agent-oriented software, unlike' the con- 
ventional one, is a program having autonomy, flexibility 
and cooperativeness, which is able to meet a user's re- 
quest with its characteristics of autonomy, flexibility and 
cooperativeness in accordance with only a general in- 

45 struction of the user without specifically giving every op- 
eration instruction to the software. 
[0357] By incorporating the agent program into a ba- 
sic system of a data copyright management system so 
that the program monitors the database utilization of a 

50 user and information obtained through the monitoring is 
collected at the database or the copyright management 
center, it is possible to know the database utilization 
condition of the user at the database side or the copy- 
right management center side and achieve more accu- 

55 rate copyright management. 

[0358] As described, these agent program and data 
can also be protected and, therefore, are encrypted like 
original data. 
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[Embodiment 1 5) 

[0359] Works include those with no copyright and 
those with a copyright and the works with a copyright 
include those which make use of the copyright and those 5 
which do not make use of the copyright. 
[0360] The works with no copyright include those to 
which no copyright is given by a law and those whose 
copyright duration has passed. All works except those 
which have no existing copyright have a copyright, and w 
they are normally provided with a mark for insisting on 
the copyright which prevents infringement of the copy- 
right. 

[0361] The same is applied to data as a work. In case 
of data with a copyright, indication of a copyright or an * 5 
author mark is given to the data to be used or to the file 
header of the data in order to prevent the infringement 
of the copyright. 

[0362] Further, by adding the copyright flag indicative 
of the data with copyright to the file, and by identifying 20 
the copyright flag in the user terminal, it is possible to 
prevent the infringement of the data copyright. 
[0363] However, even if the indication on a copyright 
is given to data, when a user disregards the copyright 
of the data work that results in the infringement of the 25 
copyright. 

[0364] To prevent the above case, in the above men- 
tioned embodiments, data is encrypted and a decryption 
key for decrypting the encrypted data is managed so as 
to perform encryption or decryption by a crypt key dif- 30 
ferent from the decryption key when decrypted data is 
stored, copied, or transmitted. 

[0365] Even in this case, there may be the possibility 
of storing, copying, or transferring data without using a 
cryptographic key different from a decryption key by 35 
transmitting the data to a memory other than the main 
memory of a. user terminal while the data is present in 
the main memory of the user terminal. 
[0366] To prevent the above case, it is the best to in- 
corporate data copyright utilization software into a basic *o 
system of a user terminal, indicate the file of a data work 
to which a copyright is given with an attribute for making 
use of the copyright, make the basic system of the user 
terminal monitor the attribute for using the copyright of 
the data work, and make the data copyright utilization 45 
software manage the data work having the copyright us- 
ing attribute. 

[0367] For the basic system means a software oper- 
ating system such as DOS when the user terminal is a 
computer such as a personal computer or a hardware so 
operating system stored in a ROM when the user termi- 
nal is a portable information terminal or STB (set top 
box). 

[0368] To more completely manage a data copyright 
with the operating system, it is preferable to incorporate 55 
the data copyright utilization software into a higher-level 
operating system. 

[0369] Every processing and every data in the user 



terminal is under control of an operating system. In other 
words, the operating system can hold every processing 
and data in the user terminal. 

[0370] Therefore, it is possible to make the copyright 
management program automatically manage the data 
copyright in accordance with a data utilization condition 
held by the operating system without depending on an 
instruction of the user. According to the above constitu- 
tion, a user can easily use a data copyright and the data 
copyright can more completely be managed. 
[0371] Further, it is desirable that the copyright man- 
agement program for managing the crypt key, data cop- 
yright information, the copyright label or the like is kept 
in a system area controlled by the operating system it- 
self; i.e., the system area which the user program cannot 
access to. 

[0372] Even in this case, however, if part of a data 
work is cut out and used, it is difficult to manage the data 
copyright. Therefore, when an operating system detects 
the such a situation, it is possible to manage the copy- 
right of the cut-out part of the data by constituting a sys- 
tem so as to add copyright information and the copyright 
using attribute owned by original data to the cut-out part 
of the data by the copyright management program. 
[0373] Further, to allow the cut-out data to inherit the 
copyright of the original data work, a "has-a" link, which 
is a parent and child relationship, is formed between the 
cut-out data and the original data work with the copyright 
management program. 

[0374] With such a constitution, it is possible to allow 
the new data to inherit the copyright of each original data 
work in the case where the user cuts out and incorpo- 
rates his own desired portion from a plurality of copyright 
data to produce new data. 

[Embodiment 16] 

[0375] Because a copyright is a kind of property right, 
it is a matter of course that the charging for using the 
copyright occurs. Further, services such as offering of a 
secret-key and a copyright management program 
should be performed for pay. 

[0376] The simplest method for paying these charges 
is a combination of issue of a bill and payment. However, 
this method is complex in its operation and moreover 
may cause a trouble such as nonpayment though the 
charge for using a copyright is directly paid. 
[0377] There is a charge collection substituting meth- 
od performed such as by a communication line enter- 
prise, which is simple and has only a small risk of non- 
payment because charges are collected by the commu- 
nication line enterprise. However, it is necessary to pay 
a commission for charge collection substitution because 
charges are not directly collected. 
[0378] To solve the above problem, there is a method 
for using digital cash. The digital cash is digital data used 
instead of cash in a computer connected to a commu- 
nication network, which is encrypted and used. 
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[Embodiment 1 7] 

[0379] Further, the constitution of the data copyright 
management system described above can be applied 
not only to the data distribution but also to the distribu- 
tion of the digital cash. 

[0380] The digital cash system which has been pro- 
posed so far is based on a secret-key cryptosystem. The 
encrypted digital cash data is transferred from a bank 
account or a cash service of a credit company, and is 
stored in the IC card so that a terminal device for input/ 
output is used to make a payment The digital cash sys- 
tem which uses this IC card as a cash-box can be used 
at any place such as shops or the like as long as the 
input/ output terminal is installed. However, the system 
cannot be used at places such as homes or the like 
where no input/output terminal is installed. 
[0381 ] Since the digital cash is an encrypted data, any 
device can be used as the cash-box which stores digital 
cash data, in addition to the IC card, as long as the de- 
vice can store encrypted data and transmit the data to 
the party to which the payment is made. As a terminal 
which can be specifically used as the cash-box, there 
are personal computers, intelligent television sets, port- 
able telephone sets such as personal digital assistant 
(PDA), personal handyphone system (PHS), intelligent 
telephone sets, and PC cards or the like which has an 
input/ output function. 

[0382] Trades in which such terminals are used as a 
cash-box for a digital cash can be actualized by replac- 
ing in the constitution of the data copyright control sys- 
tem, the database 1 with a customer's bank, a first user 
terminal 4 with a customer, the second user terminal 5 
with a retailer, the copyright control center 1 8 with a re- 
tailer's bank and a third user terminal 6 with a wholesaler 
or a maker. 

[0383] Further, it is desirable that the digital cash is 
processed as an object associated with data and func- 
tions instead of being as a simple data. 
[0384] In handling a digital cash, there are a common 
digital cash form, an unentered digital cash form private 
for an owner, an entry column in the digital cash form 
private for the owner, a digital cash data showing an 
amount of money, an instruction of handling digital cash, 
and a digital cash form private for the owner in which an 
amount of money is entered. In an object-oriented pro- 
gramming, concepts such as an object, a class, a slot, 
a message and an instance are used. 
[0385] In these correspondence relations, the com- 
mon digital cash form becomes an object, the unentered 
digital cash form private for an owner becomes a class, 
the entry column of a digital cash form private for the 
owner becomes a slot, the instruction of handling digital 
cash becomes a message and the digital cash form pri- 
vate for the owner in which an amount of money is en- 
tered becomes an instance. 

[0386] A digital cash data comprising the amount of 
money and the like is used as an argument. Then, the 



data is transferred and stored in a slot which is referred 
to as an instance variable by the message so that a new 
instance is made which is a digital cash in which the 
amount of money is renewed. 

5 [0387] The digital cash which constitute an object will 
be specifically explained by using Figure 7. 
[0388] In Figure 7, reference numerals 23, 25 and 27 
represent a digital cash form private for the customer in 
which the amount of money stored in a customer termi- 

10 nal is entered, 29 represents a digital cash form private 
for the retail shop in which the amount of money stored 
in a retail shop terminal is entered, and 24, 26 and 28 
represents accounts of each customer's bank. 
[0389] A customer 23 draws out necessary amount of 

15 money from the account 24 to use the digital cash, and 
transfers the drawn out data 31 of the digital cash to the 
digital cash form 23 which is stored in the terminal. 
[0390] In this case, residual amount data 30 of the dig- 
ital cash is usually entered in the digital cash form 23. 

20 The digital cash form is not a class but an instance. The 
drawn out data 31 of the digital cash is transferred as 
an argument to the slot which is an entry column of the 
digital cash form 23 with the message instructing the ad- 
dition to the residual amount data 30 of the digital cash. 

25 Then the drawn out data 31 of the digital cash is added 
to the residual amount data 30 of the digital cash in the 
digital cash form 23 so that a new instance is produced 
in which the amount of money in the entry column of the 
digital cash form 23 is changed. 

30 [0391] In the case where the customer makes a pay- 
ment to the retail shop, the payment data 32 of the digital 
cash which corresponds to the paid amount is trans- 
ferred as an argument to the slot which is an entry col- 
umn of the digital cash form 23 with the message in- 

35 structing the subtraction, from the amount in the entry 
column of the digital cash form 23. Then payment data 
32 of the digital cash is subtracted from the residual 
amount data 30 and the drawn out data 31 in the digital 
cash form 23 so that a new instance is produced in which 

40 the amount of money in the entry column of the digital 
cash form 23 is changed. 

[0392] Further, the payment data 32 of the digital cash 
is transferred to the digital cash form 29 private for the 
retail shop. 

45 [0393] A similar drawing out processing and payment 
processing are performed by digital cash forms 25 and 
27 of other customers. The payment data 33 of the dig- 
ital cash is transferred from the digital cash form 25, and 
the payment data 34 of the digital cash is transferred 

so from the digital cash form 27 to the digital cash form 29 
private for the retail shop. 

[0394] In case of the digital cash 29 private for the re- 
tail shop, the residual amount data 35 of the digital cash 
is usually entered. The payment data 32 of the digital 
55 cash, the payment data 33 of the digital cash, and the 
payment data 34 of the digital cash are transferred as 
arguments to the slot which is an entry column of the 
digital cash form 29 with the message instructing the ad- 
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dition to the residual amount data 35 of the digital cash 
so that the payment data 32, 33 and 34 of the digital 
cash are added to the residual amount data 35 of the 
digital cash, and a new instance is produced in which 
the amount of money in the entry column of the digital 
cash form 29 is changed. 

[0395] In a normal object-oriented programming, it is 
impossible that an argument is transferred to a slot with 
the message so that a new instance is produced and 
the newly produced instance as a whole is transferred. 
However, in case of the digital cash, since the crypto- 
system is used for safety, an instance can be produced 
in which the payment data of the digital cash is entered 
at the payer. This instance can be encrypted and trans- 
ferred to the payee. 

[0396] An embodiment of the trading system will be 
explained in which the digital cash is transferred via a 
communication network by using Figure 8. 
[0397] The embodiment is a modification of embodi- 
ment 9 by using a system constitution shown in Figure 
4. In Figure 4, reference numeral 36 represents a cus- 
tomer, 37 a bank of the customer 36, 38 a retail shop, 
39 a bank of the retail shop 38, 40 a maker, 41 a bank 
of the maker 40. 8 a public line provided by a commu- 
nication enterprise or a communication network such as 
CATV line provided by a cable television enterprise. 
Customer 36, the customer's bank 37, the retail shop 
38, the retail shop's bank 39, the maker 40, the maker's 
bank 41 can be mutually connected with the communi- 
cation network 8. In this system, the customer 36 can 
use a credit company offering cashing service other 
than banks and he can also interpose appropriate 
number of wholesalers between the retail shop and the 
maker. 

[0398] In addition, 42 and 43 are either IC cards or PC 
cards in which digital cash data is stored. The cards are 
used when the communication network is not u sed. 
[0399] Incidentally, in Figure 8, what is represented 
by a broken line is a path of encrypted digital cash data, 
what is represented by the solid line is a path of requests 
from the customer, the retail shop or the maker, and 
what is represented by a one-dot chain line is a path of 
the secret-key from each bank. 
[0400] Further, in this embodiment, the first secret- 
key prepared by the customer's bank 37, the second se- 
cret-key generated by the customer, the third s ecret- 
key generated by the retail shop, and the fourth secret- 
key prepared by the maker are used as crypt keys. 
[0401] In this embodiment, the customer's bank 37, 
the retail shop's bank 39, and the maker's bank 41 are 
explained as separate entities. These can be consid- 
ered as a financial system as a whole. 
[0402] The digital cash management program P for 
encrypting and decrypting the digital cash data is pre- 
liminarily distributed to the customer 36 and is stored in 
the user terminal. Further, it is possible to transfer the 
digital cash management program P together with data 
every time trade with the bank is executed. Further, it is 



desirable to install the common digital cash programs P 
in all banks. 

[0403] The customer 36 uses the user terminal to des- 
ignate the amount of money via the communication net- 

5 work 8 to request drawing out from the account of the 
customer's bank 37 to the bank. At this time, the terminal 
presents customer information Ic, 
[0404] The customer's bank 37 which receives the 
customer's request of drawing out from the account se- 

10 lects or generates the first secret-key Ks1 so that the 
digital cash data M0 of the amount is encrypted by the 
first secret-key Ks1 : 

15 CmOksl =E(Ks1, M0) 

and the encrypted digital cash data CmOksl and the first 
secret-key Ks1 for a decrypting key are transferred to 
the customer 36, and the customer information Ic and 
20 the first secret-key Ks1 are stored. 

[0405] In this case, the first secret-key Ks1 can be se- 
lected from what is preliminarily prepared by the cus- 
tomer's bank 37, and also may be generated by p re- 
sentation of the customer information Ic at the time of 
25 drawing of the customer using the digital cash manage- 
ment program P on the basis of the customer informa- 
tion Ic: 

30 Ks1=P(lc). 

[0406] Through this means, the first secret-key Ks1 
can be private for the customer 36. At the same time, it 
is not necessary to transfer the first secret-key Ks1 to 
35 the customer 36 so that the safety of the system can be 
heightened. 

[0407] Further, the first secret-key Ks1 can be gener- 
ated on the basis of the bank information lbs of the cus- 
tomer's bank 37 or on the basis of the bank information 
40 lbs and the date of key generation. 

[0408] The customer 36 to which the encrypted digital 
cash data CmOksl and the first secret-key Ks1 are 
transferred generates the second secret-key Ks2 ac- 
cording to any one or both of the customer information 
45 ic and the first secret-key Ks1 using the digital cash 
management program P: 

Ks2=P(lc) 

50 

and the generated second secret-key Ks2 is stored in 
the user terminal. 

[0409] Further, the customer 36 uses the secret-key 
Ks1 to decrypt the encrypted digital cash data CmOksl 
55 with the digital cash management program P: 

M0=D(Ks1,.Cm0ks1) 
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and the content is confirmed. When the decrypted digital 
cash data MO whose content is confirmed is stored in 
the user terminal which is a cash-box, the generated 
second secret-key Ks2 is used to encrypt the content by 
the digital cash management program P: 

CmOKs2=E(Ks2, MO). 

[0410] Incidentally, the first secret-key Ks1 is disused 
at this time. 

[0411] The customer 36 who wishes to buy an article 
from the retail shop 38 decrypts the encrypted digital 
cash data Cm0ks2 which is stored in the user terminal 
as a cash-box by the digital cash management program 
P by using the second secret-key Ks2: 

M0=D(Ks2, Cm0ks2) 

and the digital cash data M1 which corresponds to the 
necessary amount of money is encrypted by the second 
secret-key ks2 using the digital cash management pro- 
gram P: 

Cm1ks2=E(Ks2, M1) 

and then, the payment is made by transmitting the en- 
crypted digital cash data Cm1ks2 to the user terminal 
as a cash-box of retail shop 38 via the communication 
network 8. 

[0412] At this time, the customer information Ic is also 
transmitted to the user terminal of the retail shop 38. 
[0413] Further, the residual amount digital cash data 
M2 is encrypted by the second secret-key Ks2 using the 
digital cash management program P: 

Cm2ks2=E(Ks2, M2) 

and stored in the user terminal of the customer 36. 
[0414] The retail shop 38 to which the encrypted dig- 
ital cash data Cm1ks2 and the customer information Ic 
are transferred stores the transferred encrypted digital 
cash data Cm1ks2 and customer information Ic in the 
user terminal. At the same time, the customer informa- 
tion Ic is presented to the retail shop's bank 39 via the 
communication network 8 for confirming the content and 
the transmission for decription key is requested. 
[0415] The retail shop's bank 39 which is requested 
by the retail shop 38 to transmit the second secret-key 
Ks2 transmits the request of the transmission of the sec- 
ond secret-key Ks2 and the customer information Ic to 
the customer's bank 37. 

[0416] The customer's bank 37 which is requested to 
transmit the second secret-key Ks2 from the retail 
shop's bank 39 generates the second secret-key Ks2 



according to the customer information Ic by the digital 
cash management program P in the case where the sec- 
ond secret-key Ks2 is based only on the customer infor- 
mation Ic, or generates the second secret-key Ks2 ac- 

s cording to the customer information Ic and the first se- 
cret-key Ks1 by the digital cash management program 
P in the case where the second secret-key Ks2 is based 
on the customer information Ic and the first secret-key 
Ks1, and transmits the generated second secret-key 

10 Ks2 to the retail shop's bank 39. 

[0417] The retail shop's bank 39 to which the second 
secret-key Ks2 is transmitted from the customer's bank 
37 transmits the second secret-key Ks2 to the retail 
shop 38 via the communication network 8. 

is [0418] The retail shop 38 to which the second secret- 
key Ks2 is transferred decrypts the encrypted digital 
cash data Cm1ks2 by the second secret-key Ks2 using 
the digital cash management program P: 

20 

M1=D(Ks2, Cm1ks2) 

and after confirming the amount of money, transfers the 
article to the customer 36. 
25 [041 9] Incidentally, in this case, the retail shop 36 can 
directly requests the transfer of the second secret-key 
Ks2 to the customer's bank 37 instead of the retail 
shop's bank 39. 

[0420] In case where the digital cash received by the 
30 retail shop 38 is deposited in the account of the retail 
shop's bank 39, the customer information Ic is trans- 
ferred to the retail shop's bank 39 together with the en- 
crypted digital cash data Cm1ks2 via the communica- 
tion network 8. 

35 [0421] The retail shop's bank 39 to which the encrypt- 
ed digital cash data Cm1ks2 and the customer informa- 
tion Ic are transferred requests the transfer of the sec- 
ond secret-key Ks2 to the customer's bank 37 by trans- 
mitting the customer information Ic. 

40 [0422] The customer's bank 37, which is requested to 
transfer the second secret-key Ks2 from the retail shop's 
bank 39, generates the second secret-key Ks2 accord- 
ing to the customer's information Ic by the digital cash 
management program P when the second secret-key 

« Ks2 is only based on the customer's information Ic, or 
generates the second secret-key Ks2 according to the 
customer's information Ic and the first secret-key Ks1 
by the digital cash management program P when the 
second secret-key Ks2 is based on the customer's in- 

50 formation Ic and the first secret-key Ks1 , then the gen- 
erated second secret-key Ks2 is transferred to the retail 
shop's bank 39. 

[0423] The retail shop's bank 39, to which the second 
secret-key Ks2 is transferred from the customer's bank 
55 37, decrypts the encrypted digital cash data Cm1 ks2 by 
the second secret-key Ks2 using the digital cash man- 
agement program P: 
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M1=D(Ks2,Cm1ks2) 

and the decrypted digital cash data M1 is deposited in 
the bank account of the retail shop 39. 5 
[0424] In the general trade system, the retail shop 38 
stocks products from the maker 40 or from the whole 
sale shops which intervene between the retail shop 38 
and the maker 40. Then the retail shop 38 sells the prod- 
ucts to the customer 36. Consequently, a trading form 10 
is present between the customer 36 and the retail shop 
38 just as between the retail shop 38 and the maker 40. 
[0425] The handling of the digital cash between the 
retail shop 38 and the maker 40 is not basically different 
from the handling of the digital cash which is carried out f5 
between the customer 36 and the retail shop 38. There- 
fore, the explanation there will be omitted for the sake 
of clarity. 

[0426] In this digital cash system, the digital cash is 
handled through bank. As information such as the proc- 20 
essed amount of the digital cash, date, and the secret- 
key demanding party information with respect to the 
handling of the digital cash is stored in the customer's 
bank, the residual amount and usage history can be 
grasped. 25 
[0427] Even in the case where the user terminal which 
is a cash-box storing the digital cash data cannot be 
used owing to the loss or the breakage, it is possible to 
reissue the digital cash on the basis of the residual 
amount, and usage history kept in the customer's bank. 30 
[0428] It is desirable to add a digital signature to the 
digital cash data for heighten the safety of the digital 
cash. 

[0429] In this embodiment, digital cash is added by 
the customer's information which may be accompanied 35 
by digital signature. Therefore, the digital cash in the 
embodiment can also have a function of settlement sys- 
tem for checques drawn by customers. 
[0430] Also this system can be applicable to various 
systems such as a negotiation of a draft by a letter of *o 
credit and a bill of lading in the international trading, 
which have been executed by documents. 

[Embodiment 18] 

45 

[0431] The digital cash in the digital cash system 
which is explained in embodiment 17 is always handled 
through bank. However, since it is possible to handle the 
digital cash without bank intervention, the digital cash 
system in which the bank does not intervene will be ex- so 
plained. 

[0432] In the digital cash system, a public-key and a 
private-key are used as crypt keys for encrypting the dig- 
ital cash data. The secret-key ks and customer informa- 
tion 1c used in embodiment 17 is not used. 55 
[0433] Consequently, in this digital cash system, the 
digital cash is used in the same form as money. 
[0434] Since other points are not different from the 



system constitution shown in embodiment 17, concrete 
explanation is omitted. 

[0435] The party which receives the digital cash at 
each bank, customer, retail shop and maker with respect 
to this digital cash system prepares the public-key and 
the private-key. The public-key can be preliminarily sent 
to the party which is scheduled to make a payment, or 
can be sent to the party before the trade is executed. 
Here an explanation is made on the supposition that the 
key is preliminarily distributed. 

[0436] The customer 36 requests to the customer's 
bank 37 for drawing out the money from the bank ac- 
count via.the communication network 8 from a user ter- 
minal, by indicating an amount of the money. 
[0437] The customer's bank 37 which receives the re- 
quest for drawing out money from the customer 36 en- 
crypts the digital cash data Mo of the amount of money 
drawn by a customer public-key Kbc which is prelimi- 
narily sent, using the digital cash management program 
P 

Cm0kbc=E(Kbc. MO) 

and transfers the encrypted digital cash data CmOkbc 
to the customer 36. 

[0438] The customer 36 to which the encrypted digital 
cash data CmOkbc is transferred decrypts the digital 
cash data by the customer private-key Kvc which corre- 
sponds to the customer public-key Kbc using the digital 
cash management program P: 

M0=D(Kvc, CmOkbc), 

confirms the content, and changes the residual amount 
to M2(=M0+M1) in the case where there is a residual 
amount data M1 in the terminal. Then, the digital cash 
data M2 in which the amount of money is changed is 
encrypted with the customer public-key Kbc with the dig- 
ital cash management program P: 

Cm2kbc=E(Kbc, M2) 
and stored in the terminal. 

[0439] The customer 36 who wishes to buy products 
from the retail shop 38 decrypts the encrypted digital 
cash data Cm2Kbc stored in the terminal by the custom- 
er private-key Kvc using the digital cash management 
program P: 

M2=D(Kvc, Cm2kbc), 

encrypts the digital cash data M3 corresponding to the 
required amount of money with the digital cash manage- 
ment program P by the retail shop public-key Kbs which 
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is preliminarily sent: 

Cm3kbs=E(Kbs, M3) 

5 

and the payment is made by transferring the digital cash 
data to the terminal of the retail shop 38 via the commu- 
nication network 8. 

[0440] Further, the residual amount digital cash data 
M4(=M2-M3) is encrypted by the customer public-key 10 
Kbc using the digital cash management program P 

Cm4kbc=E(Kbc, M4) 

15 

and stored in the terminal. 

[0441] The retail shop 38 to which the encrypted dig- 
ital cash data Cm3Kbs is transferred decrypts the digital 
cash data with the digital cash management program P 
by the retail shop private-key Kvs corresponding to the 20 
retail shop public-key Kbs: 

M3=D(Kvs, Cm3kbs), 

25 

confirms the content and changes the residual amount 
data to M6(M5+M3) in the case where the residual 
amount data M5 is present in the terminal. Then, the 
digital cash data M6 in which the amount of money is 
changed is encrypted with the retail shop public-key Kbs 30 
with the digital cash management program P: 

Cm6kbs=E(Kbs, M6) 

35 

and stored in the terminal. 

[0442] The retail shop 38 which is willing to settle the 
stock account of products to the maker 40 makes the 
settlement using the same manner. 
[0443] In the general trade system, the retail shop 38 40 
stocks products either from the maker 40 or the whole- 
saler placed between the retail shop 38 and the maker 
40 and sells the products to the customer 36. 
[0444] Consequently, a trade form similar to the trade 
form between the customer 36 and the retail shop 38 is 45 
present between the retail shop 38 and the maker 40. 
[0445] Since the handling of the digital cash between 
the retail shop 38 and the maker 40 is not basically dif- 
ferent from the handling of digital cash between the cus- 
tomer 36 and the retail shop 38, an explanation is omit- so 
ted for the sake of clarity. 

[0446] In the aforementioned embodiment 17 and 
embodiment 18, a constitution of a data copyright man- 
agement system explained by using Figure 4 is applied 
to actualize the digital cash system. Further, customer 55 
information is used and the secret-key to be used is al- 
tered in embodiment 17, and the public-key and the pri- 
vate-key are used in embodiment 18. 



[0447] However, as a system constitution for actual- 
izing the digital cash system, the constitution of the other 
copyright management systems, any constitution of the 
data copyright management system shown in Figure 1 , 
2, 3 and 5 can be applied. Further, as a cryptosystem 
used in the case, any of the cryptosystems explained in 
embodiments 1 through 1 3 using the non-altered secret- 
key, the public-key and the private-key, a combination 
of the secret-key, publi c-key and the private-key, and 
complex keying can be applied. 

[Embodiment 19j 

[0448] In the video conference system, a television 
picture has been added to the conventional voice tele- 
phone set. Recently the video conference system is ad- 
vanced in which a computer system is incorporated in 
the video conference system so that the quality of the 
voice and the picture are improved, and data can be 
handled at the same time as well as the voice and the 
picture. 

[0449] Under these circumstances, security against 
the violation of the user's privacy and the data leakage 
due to eavesdropping by persons other than the partic- 
ipants of the conference are protected by the cryptosys- 
tem using a secret-key. 

[0450] However, since the conference content ob- 
tained by the participants themselves are decrypted, in 
the case where participants themselves store the con- 
tent of the conference and sometimes edit the content, 
and further, use for secondary usage such as distribu- 
tion to the persons other than the participants of the con- 
ference, the privacy of other participants of the video 
conference and data security remains unprotected. 
[0451] In particular, the compression technology of 
the transmission data is advanced while the volume of 
the data storage medium is advanced with the result that 
the possibility is getting more and more realistic that all 
the content of the video conference is copied to the data 
storage medium or is transmitted via a network. 
[0452] In view of the circumstances, embodiment 19 
is intended, when video conference participants perform 
secondary use, to secure the privacy of other partici- 
pants and data security by using the aforementioned 
constitution of the data copyright management system. 
[0453] This video conference data management sys- 
tem can be actualized, for example, by replacing the da- 
tabase 1 in the data copyright management system con- 
stitution shown in Figure 4 with a participant of the video 
conference, the first user terminal 4 with another partic- 
ipant of the video conference, and the second user ter- 
minal 5 with non-participant of the video conference. 
[0454] Embodiment 1 9 will be explained by using Fig- 
ure 9. 

[0455] Referring to Figure 9, reference numeral 44 
represents a participant as a host of the video confer- 
ence, 45 a participant of the video conference as a 
guest; 46 a non-participant of the video conference as 
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a user, 47 a non-participant of the video conference as 
another user, 8 a communication network such as a pub- 
lic telephone line provided by the communication enter- 
prise and a CA television line provided by the cable tel- 
evision enterprise or the like. The participant 44 of the 5 
video conference is connected to the participant 45 of 
the video conference via the communication network 8. 
Further, the participant 45 of the video conference can 
be connected to the non-participant 46 of the video con- 
ference, and the non-participant 46 of the video confer- 10 
ence to the non-participant 47 of the video conference, 
via the communication network 8. Reference numeral 
48 represents a data recording medium. 
[0456] Referring to Figure 9, what is represented by 
the broken line is a path of the encrypted video confer- is 
ence content, represented by the solid line is a path re- 
questing the crypt key from the non-participants 46 and 
47 of the television conference to the participant of the 
television conference 44, and represented by the one- 
dot chain line is a path of crypt keys from the participant 20 
of the video conference 44 to the participant of the video 
conference 45 and the non-participants of the video con- 
ference 46 and 47. 

[0457] In this embodiment, a video conference data 
management system is described here only the protec- 25 
tion for data security and privacy in case of the video 
conference participant 44 to simplify the explanation, 
however, it is of course, possible to protect for data se- 
curity and privacy of the video conference participant 45. 
[0458] A video conference data management pro- 30 
gram P for encryption/decryption of the video confer- 
ence data is previously distributed to the video confer- 
ence participant 45 and the video conference non-par- 
ticipants 46 and 47, and is stored in each terminal. The 
video conference data management program P may be 35 
transferred whenever a crypt key is transferred. 
[0459] In this embodiment, further, a first secret-key 
prepared by the video conference participant 44, a sec- 
ond secret-key prepared by the video conference par- 
ticipant 45 and a third secret-key prepared by the video *o 
conference non-participant 46 are also used. 
[0460] The video conference participant 44 and the 
video conference participant 45 perform the video con- 
ference by transmitting audio, picture and data (referred 
to as video conference data on the whole) each other, 45 
using each terminal via communicatin network 8. Before 
the video conference, the video conference participant 
44 generates or selects the first secret-key Ks1 to trans- 
fer to the video, conference participant 45 prior to the 
start of the video conference. 50 
[0461] The video conference participant 45 receiving 
the first secret-key Ks1 generates the second secret- 
key Ks2 by the first secret-key Ks1 using the video con- 
ference data management program P: 

55 

Ks2=P(Ks1). 



[0462] The generated second secret-key Ks2 is 
stored in the terminal. 

[0463] The participant 44 of the video conference en- 
crypts the video conference data M0 with the first secret- 
key Ks1 in the video conference via the communication 
network 8: 

Cm0ks1=E(Ks1, M0) 

and transfers the encrypted video conference data 
CmOksl to the video conference participant 45. 
[0464] The participant 45 of the video conference who 
receives the video conference data CmOksl encrypted 
by the first secret-key Ks1 decrypts the video confer- 
ence data CmOksl by the first secret-key Ks1: 

M0=D(ks1, CmOksl) 

and uses decrypted video conference data M0. 
[0465] Further, the second secret-key Ks2 is generat- 
ed based on the first secret-key Ksl with the video con- 
ference data management program P: 

Ks2=P(Ks1). 

[0466] In the case where the decrypted video confer- 
ence data M0 is stored in the terminal of the participant 
45 of the video conference, copied to the data record 
medium 48, or transferred to the non-participant of the 
video conference via the communication network 8, the 
data M is encrypted by the second secret-key Ks2 using 
the video conference data management program P: 

Cmks2=E(Ks2, M). 

[0467] The encrypted data Cmks2 is copied to the 
record medium 48 or supplied to the non-participant of 
the video conference via the communication network 8, 
together with the video conference data name or the vid- 
eo conference data number. 

[0468] The non-participant 46 of the television confer- 
ence who obtains the encrypted data CmKs2 requests 
to the participant 44 for the secondary use of the video 
conference data M from the terminal by specifying the 
name or number of the video conference data. 
[0469] The participant 44 of the video conference who 
receives the request for the second use of the data M 
finds out the first secret-key Ks1 according to the name 
or the number of the video conference data name or 
number to generate the second secret-key Ks2 based 
on the first secret-key Ks1 : 

Ks2=P(Ks1) 
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and supplies the generated second secret-key Ks2 to 
the non-participant 46 of the video conference. 
[0470] The non-participant 46 of video conference 
who receives the second secret-key Ks2 decrypts the 
encrypted data Cmks2 by the second secret-key Ks2 by 
using the television conference data management pro- 
gram P: 

M=D(Ks2, Cmks2) 

and then, uses decrypted video conference data M. 
[0471] In the case where the video conference data 
M is stored in the terminal of the non-participant 46 of 
the video conference, copied to the record medium 49, 
or transmitted to the non-participant 47 of the video con- 
ference, the video conference data M is encrypted by 
the second secret-key Ks2 using the video conference 
data management program P: 

Cmks2=E(Ks2, M). 

[0472] Incidentally, the third secret-key Ks3 may be 
generated on the basis of the second secret-key Ks2 
with the television conference data management pro- 
gram P: 

Ks3=P(Ks2), 

and the data M can be encrypted with the video confer- 
ence data management program P by this generated 
third secret-key Ks3: 

Cmks3=E(Ks3, M). 

[0473] In embodiment 19 described above, the con- 
stitution of the data copyright management system 
which is explained by using Figure 4 for realizing the 
video conference data management system is applied 
and alter the secret-key which has been used. 
[0474] However, as a constitution of a system for re- 
alizing the video conference data system, as the other 
system constitution; i.e., any of system constitutions 
shown in Figure 1,2,3,4 and 5 can be applied. Further, 
as cryptosystem used in such a case, the non-altered 
secret-key, the public-key and the private-key.a combi- 
nation of the secret-key, the public-key and the private- 
key, and the complex keying which is explained from 
embodiment 1 to 13 can be applied. 
[0475] Further, in this explanation, it is supposed that 
the participant of the video conference as a guest stores 
and uses the video conference data, copies the data on 
the record medium and transfers the data via the com- 
munication network. It is also possible to limit these ac- 
tions by making the crypt key used in the encryption 



process be disused. 
[Embodiment 20] 

5 [0476] As described above, each user who uses the 
system of the present invention must previously be en- 
tered in a database system, and when entered in the 
system, software for database is supplied to the user. 
[0477] Because the software includes not only norma! 

10 communication software such as a data communication 
protocol but also a program for decrypting a copyright 
management program by a first crypt key, it is necessary 
to be protected. 

[0478] In case of the present invention, a first crypt 
15 key K1 , a second crypt key K2, and a copyright man- 
agement program P are transferred to each user in order 
to use data M. Therefore, each user must keep these 
keys and the program. 

[0479] Further, the copyright information label, user 
20 information, the public-key and private-key in the public- 
key cryptosystem and the program containing algorithm 
for generating the secret-key are kept when needed. 
[0480] For keeping them, it is the simplest means to 
use a flexible disk. However, the flexible disk is easy in 
25 disappearance or alteration of data. 

[0481] Moreover, a hard disk drive is also unstable for 
disappearance or alteration of data though it is more sta- 
ble than the flexible disk. 

[0482] Recently, an IC card is spread in which an IC 
30 element is sealed in a card-like package. Particularly, 
standardization of a PC card with a microprocessor 
sealed in it is progressed as a PCMCIA card or J El DA 
card. 

[0483] Figure 10 shows an embodiment of the data- 
35 base copyright management system of the present in- 
vention constituted by using the PC card. 
[0484] In Figure 10, reference numeral 50 represents 
a microprocessor of a user terminal, 51 represents a 
system bus, and 52 represents a PC card in which a PC 
<o card microprocessor 53, a read-only memory 55, and a 
random-access memory 56 are sealed and these are 
connected each other by a PC card microprocessor bus 
54. 

[0485] The read-only memory 55 stores fixed informa- 
45 tion such as database software and user data as a da- 
tabase. 

[0486] The read-only memory 55 also stores a first 
crypt key, a second crypt key, and a copyright manage- 
ment program supplied from a key control center 9 or a 

so copyright management center. Because data is also 
written in the read-only memory 55, it is the simplest to 
use an EEPROM for the memory 55. 
[0487] As previously described, because data, the 
crypt key the copyright management program can be 

55 encrypted and supplied to users, for using data, it is nec- 
essary to decrypt these crypt key, copyright manage- 
ment program and the data. 

[0488] To perform the above operations,, the micro- 
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processor 50 of the user terminal uses the software, 
crypt key and copyright management program stored in 
the read-only memory 55 of the PC card 52. 
[0489] In this case, however, there is a risk that these 
data informations may illegally be used because they s 
are transferred to the user terminal. To avoid the risk, it 
is necessary to make the microprocessor 55 in the PC 
card 52 perform every operation by using the random- 
access memory 56 through the CPU bus 54 and transfer 
results only to the user terminal for various types of uti- 10 
lization. 

[0490] When the PC card is used, a different unit can 
be used as the user terminal. 

[0491] It is also possible to use a board or external 
unit having the above functions in addition to the PC 15 
card. 

Claims 

20 

1. Data copyright management system for managing 
the copyright of encrypted data supplied from a da- 
tabase to a user system (4 7), said data copyright 

management system having 

a database (1) 25 
a key control center (9); 

wherein said data copyright management system 
uses a first secret-key, a second secret-key and a 
copyright management program; 
said database (1 ) encrypts the data by the first se- so 

cret-key to send the data to a user system (4 7) 

via communication network (8), communication and 
broadcasting satellite (2) and record medium (3); 
said key control center (9) supplies said first secret- 
key and second secret-key to said user system 35 
(4 7); said user system (4,.. .,7) uses said first se- 
cret-key when said user system (4,..., 7) displays or 
edits said data to decrypt said encrypted data; and 
said data is re-encrypted automatically using said 
second secret-key by said copyright manage-ment 40 

program when said user system (4 7) stores, 

copies or transfers said data or data which has been 
edited. 

2. Data copyright management system according to 45 
claim 1 wherein said second secret-key is different 
from said first secret-key. 

3. Data copyright management system according to 
claim 1 wherein said second secret-key is same as so 
said first secret-key. 

4. Data copyright management system according to 
claim 1, wherein said data copyright management 
program is stored in a ROM of a device which said 55 
user system (4,. ..,7) uses. 

5. Data copyright management system according to 



claim 1, wherein said data copyright management 
program is stored in an operating system of a device 
which said user system (4,.. .,7) uses. 

6. Data copyright management system according to 
claim 1, wherein said data copyright management 
program is stored in a system area controlled by an 
operating system of the device which said user sys- 
tem (4 7) uses. 

7. Data copyright management system according to 
one of the preceding claims, wherein further a cop- 
yright information which is not encrypted with re- 
spect to said data copyright is used. 

8. Data copyright management system according to 
claim 7, wherein said non-encrypted copyright in- 
formation is added to said encrypted data as a cop- 
yright information label, said copyright information 
label being stored, copied or transmitted together 
with said data if said data is stored, copied or trans- 
mitted. 

9. Data copyright management system according to 
claim 7 or 8, wherein a digital signature is added to 
said copyright information label. 

10. Data copyright management system according to 
claim 1 , wherein said data copyright management 
system further uses user information; 

a first user system (4) sends first user information 
to said key control center (9) to request the use; said 
key control center (9) transfers said first user infor- 
mation to said copyright management center (10); 
and 

said key control center (9) further transfers the cop- 
yright management program together with said first 
secret-key and second secret-key to said first user 
system (4) via said communication network (8). 

11. Data copyright management system according to 
claim 10 wherein said first secret-key and said sec- 
ond secret-key are disused with said copyright 
management program, when said decrypted data is 
copied or transmitted; and 

said first user system (4) requests the retransfer of 
said second secret-key for the reuse of said reen- 
crypted data to said copyright management center 
(1 0) so that said second secret-key is retransmitted. 

12. Data copyright management system according to 
claim 11 wherein the copy or transmission of said 
encrypted data is registered in said copyright man- 
agement center (10) according to the retransfer of 
said second secret-key. 

13. Data copyright management system according to 
claim 11 or 12, wherein second user system (5) 
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presents said first user information to request the 
use to said copyright management center (10); 
said copyright management center (10) transfers 
said second secret-key and third secret-key, and 
said copyright management program to said sec- 
ond user system (5) after confirming the retransfer 
of said second secret-key to said first user system 
(4); said second user system (5) decrypts said en- 
crypted data with said copyright management pro- 
gram by using said second secret-key; and 
said data is reencrypted and decrypted with said 
copyright management program by using said third 
secret-key when said decrypted data is stored, cop- 
ied or transmitted, 

14. Data copyright management system according to 
one of claims 1 0 to 1 3, wherein said second secret- 
key is generated on the basis of any one or more of 
said first secret-key, said user information, and the 
usage frequency of said copyright management 
program with said copyright management program. 



Patentanspruche 

1. Datenurheberrechts-Verwaltungssystem zum Ver- 
waiten des Urheberrechts von verschlOsselten Da- 
ten, die von einer Datenbank zu einem Benutzersy- 
stem (4, .... 7) geliefert werden, welches Datenur- 
heberrechts-Verwattungssystem aufweist: 

eine Datenbank (1), 

ein SchlOsselsteuerzentrum (9); 



2. Datenurheberrechts-Verwaltungssystem nach An- 
spruch 1, bei dem derzweite GeheimschlOssel un- 
terschiedlich gegenOber dem ersten Geheim- 
schlOssel ist. 

5 

3. Datenurheberrechts-Verwaltungssystem nach An- 
spruch 1 , bei dem der zweite GeheimschlOssel der- 
selbe wie der erste GeheimschlOssel ist. 

10 4. Datenurheberrechts-Verwaltungssystem nach An- 
spruch 1 , bei dem das Daten urheberrechts-Verwal- 
tungsprogramm in einem Festwertspeicher einer 
Vorrichtung, die das Benutzersystem (4, .... 7) ver- 
wendet, gespeichert ist. 

15 

5. Datenurheberrechts-Verwaltungssystem nach An- 
spruch 1 , bet dem das Datenurheberrechts-Verwal- 
tungsprogramm in einem Operationssystem einer 
Vorrichtung, die das Benutzersystem (4, 7) ver- 

20 wendet, gespeichert ist. 

6. Datenurheberrechts-Verwaltungssystern nach An- 
spruch 1 , bei dem das Daten urheberrechts- Verwal- 
tungsprogramm in einem Systembereich gespei- 

25 chert ist, der von einem Operationssystem der Vor- 
richtung gesteuert wird, die von dem Benutzersy- 
stem (4, .... 7) verwendet wird. 

7. Daten urheberrechts -Verwaltungssystem nach ei- 
30 nem der vorhergehenden Anspruche, bei dem wei- 

terhin Urheberrechtsinformationen verwendet wer- 
den, die nicht in Bezug auf das Daten urheberrecht 
verschlOsselt sind. 



wobei das Datenurheberrechts-Verwaltungssy- 35 
stem einen ersten GeheimschlOssel, einen zweiten 
GeheimschlOssel und ein Urheberheberrechts-Ver- 
waltungsprogramm verwendet; 
die Datenbank (1 ) die Daten mit dem ersten Ge- 
heimschlOssel verschlOsselt, urn die Daten Ober ein *o 
Kommunikationsnetzwerk (8), Kommuntkationsund 
Funksende-Sateiliten (2) und ein Aufzeichnungs- 

medium (3) zu einem Benutzersystem (4 7) sen- 

det; 

das SchlOsselsteuerzentrum (9) den ersten Ge- 45 
heimschlussel und den zweiten GeheimschlOssel 

zu dem Benutzersystem (4 7) sendet; 

das Benutzersystem (4, .... 7) den ersten Geheim- 
schlOssel verwendet, wenn das Benutzersystem 

(4 7) die Daten anzeigt oder aufbereitet, urn die so 

verschlOsselten Daten zu entschlusseln; und 
die Daten unter Verwendung des zweiten Geheim- 
schlOssels von dem Urheberrechtsverwaltungspro- 
gramm automatisch wieder verschlOsselt werden, 

wenn das Benutzersystem (4 7) diese Daten 55 

Oder Daten, welche aufbereitet wurden, speichert, 
kopiert oder ubertragt. 



8. Datenurheberrechts-Verwaltungssystem nach An- 
spruch 7, bei dem die nicht verschlOsselten Urhe- 
berrechtsinformationen zu den verschlOsselten Da- 
ten als ein Urheberrechtsinformations-Kennzei- 
chen hinzugefugt sind, wobei dieses Urheber- 
rechtsinformations-Kennzeichen zusammen mit 
diesen Daten, wenn diese gespeichert, kopiert oder 
Obertragen werden, gespeichert, kopiert oder Ober- 
tragen werden. 

9. Datenurheberrechts-Verwaltungssystem nach An- 
spruch 7 oder 8, bei dem eine digitate Unterschrift 
zu dem Urheberrechtsinformations-Kennzeichen 
hinzugefugt ist. 

10. Datenurheberrechts-Verwaltungssystem nach An- 
spruch 1 , bei dem das Daten urheberrechts-Verwal- 
tungssystem weiterhin Benutzerinformationen ver- 
wendet; 

ein erstes Benutzersystem (4) erste Benutzerinfor- 
mationen zu dem SchlOsselsteuerzentrum (9) sen- 
det, um die Benutzung anzufordern; 
das SchlOsselsteuerzentrum (9) die ersten Benut- 
zerinformationen zu dem Urheberrechtsverwal- 
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tungszentrum (10) QbertrSgt; und 
das SchlQsselsteuerzentrum (9) weiterhin das Ur- 
heberrechtsverwaltungsprogramm zusammen mit 
dem ersten GeheimschlQssel und dem zweiten Ge- 
heimschlQssel zu dem ersten Benutzersystem (4) 
Ober das Kommunikationsnetzwerk (8) Gbertragt. 

11. Datenurheberrechts-Verwaltungssystem nach An- 
spruch 10, bei dem der erste GeheimschlQssel und 
der zweite GeheimschlQssel von dem Urheber- 
rechtsverwaltungsprogramm nicht gebraucht wer- 
den, wenn die entschlOsselten Daten kopiert Oder 
Qbertragen werden; und das erste Benutzersystem 
(4) die WiederObertragung des zweiten Geheim- 
schlOssels fQr die Wiederverwendung der wieder 
verschlQsselten Daten zu dem Urheberrechtsver- 
waltungszentrum (10)anfordert, so dass der zweite 
GeheimschlQssel wieder Qbertragen wird. 

12. Daten urn eberrechts-Verwaltungssystem nach An- 
spruch 1 1 , bei dem die Kopie Oder die Obertragung 
der verschlQsselten Daten in dem Urheberrechts- 
verwaltungszentrum (10) entsprechend der Wie- 
derObertragung des zweiten Geheimschlussels re- 
gistriert wird. 

13. Datenurheberrechts-Verwaltungssystem nach An- 
spruch 11 Oder 12, bei dem ein zweites Benutzer- 
system (5) die ersten Benutzerinformationen dem 
Urheberrechtsverwaltungszentrum (10) prSsen- 
tiert, um die Benutzung anzufordern; 

das Urheberrechtsverwaltungszentrum (10) den 
zweiten GeheimschlQsset und den dritten Geheim- 
schlOssel und das Urheberrechtsverwaltungspro- 
gramm zu dem zweiten Benutzersystem (5) Qber- 
, trSgt, nachdem die WiederObertragung des zweiten 
GeheimschtQssels zu dem ersten Benutzersystem 
(4) bestatigt wurde; 

das zweite Benutzersystem (5) die verschlQsselten 
Daten mittels des Urheberrechtsverwaltungspro- 
gramms unter Verwendung des zweiten Geheim- 
schlQssels entschlQsselt; und 
die Daten mittels des Urheberrechtsverwaltungs- 
programms unter Verwendung des dritten Geheim- 
schlussels wieder verschlQsselt und entschlOsselt 
werden, wenn die entschlusselten Daten gespei- 
chert, kopiert oder Qbertragen werden. 

14. Datenurheberrechts-Verwaltungssystem nach ei- 
nem der AnsprQche 10 bis 13, bei dem der zweite 
GeheimschlQssel auf der Grundlage von einem 
oder mehreren von dem ersten GeheimschlQssel, 
den Benutzerinformationen und der Verwendungs- 
frequenz des Urheberrechtsverwaltungspro- 
gramms mittels des Urheberrechtsverwaltungspro- 
gramms gebildet wird. 



Revendications 

1. Systeme de gestion des droits d'auteur de donnees 
permettant de gerer les droits d'auteur de donnees 
codees fournies par une base de donnees a un sys- 
teme utilisateur (4... 7), ledit systeme de gestion des 
droits d'auteur de donnees comportant : 

une base de donnees (1 ) ; 
10 un centre de controle des cles (9) ; 

dans lequel ledit systeme de gestion des droits 
d'auteur de donnees utilise une premiere cle secre- 
te, une seconde cle secrete et un programme de 

15 gestion des droits d'auteurs ; 

ladite base de donnees (1 ) code les donnees par la 
premiere cle secrete pour emettre les donnees a un 
systeme utilisateur (4... 7) via un reseau de com- 
munications (8), un satellite de communication et 

20 de radiodiffusion (2) et un support d'enregistrement 
(3); 

ledit centre de contrdle des cles (9) fournit ladite 
premiere cle secrete et ladite seconde cle secrete 
audit systeme utilisateur (4... 7) ; 

25 ledit systeme utilisateur (4... 7) utilise ladite premie- 
re cle secrete lorsque ledit systeme utilisateur (4... 
7) affiche ou modifie lesdites donnees pour decoder 
lesdites donnees codees ; et 
lesdites donnees sont re-cod6es automatiquement 

30 en utilisant ladite seconde cle secrete par ledit pro- 
gramme de gestion des droits d'auteur lorsque ledit 
systeme utilisateur (4... 7) enregistre, copie ou 
transfere lesdites donnees ou des donnees qui ont 
ete modifiees. 

35 

2. Systeme de gestion des droits d'auteur de donnees 
selon la revendication 1 , dans lequel ladite seconde 
cle secrete est differente de ladite premiere cle se- 
crete. 

40 

3. Systeme de gestion des droits d'auteur de donnees 
selon la revendication 1 , dans lequel ladite seconde 
cle secrete est identique a ladite premiere cle se- 
crete. 

45 

4. Systeme de gestion des droits d'auteur de donnees 
selon la revendication 1 , dans lequel ledit program- 
me de gestion des droits d'auteur de donnees est 
enregistre dans une memoire morte d'un dispositif 

50 que ledit systeme utilisateur (4... 7) utilise. 

5. Systeme de gestion des droits d'auteur de donnees 
selon la revendication 1 , dans lequel ledit program- 
me de gestion des droits d'auteur de donnees est 

55 enregistre dans un systeme d'exploitation d'un dis- 
positif que ledit systeme utilisateur (4... 7) utilise. 

6. Systeme de gestion des droits d'auteur de donnees 
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selon ta revendication 1, dans lequel ledit program- 
me de gestion des droits d'auteur de donnees est 
enregistre dans une zone du systeme contrdlee par 
un systeme d'exploitation dudispositif que leditsys- 
teme utilisateur (4... 7) utilise. 

7. Systeme de gestion des droits d'auteur de donnees 
selon Tune des revendications precedentes, dans 
lequel on utilise en outre des informations de copy- 
right qui ne sont pas codees relatives auxdits droits 
d'auteur de donnees. 

8. Systeme de gestion des droits d'auteur de donnees 
selon la revendication 7, dans lequel lesdites infor- 
mations de copyright non codees sont ajoutees 
auxdites donnees codees en tant qu'etiquette d'in- 
formations de copyright, ladite etiquette d'informa- 
tions de copyright etant enregistree, copiee ou 
transmise avec lesdites donnees si lesdites don- 
nees sont enregistrees, copiees ou transmises. 

9. Systeme de gestion des droits d'auteur de donnees 
selon la revendication 7 ou 8, dans lequel une si- 
gnature numerique est ajoutee a ladite etiquette 
d'information de copyright. 

10. Systeme de gestion des droits d'auteur de donnees 
selon la revendication 1, dans lequel ledit systeme 
de gestion des droits d'auteur de donnees utilise en 
outre des informations utilisateur ; 

un premier systeme utilisateur (4) emet des premie- 
res informations utilisateur audit centre de controle 
des cles (9) pour demander I'utilisation ; 
ledit centre de controle des cles (9} transfere lesdi- 
tes premieres informations utilisateur audit centre 
de gestion des droits d'auteur de donnees (10) ; et 
ledit centre de controle des cles (9) transfere en 
outre vers ledit premier systeme utilisateur (4) le 
programme de gestion des droits d'auteur avec la- 
dite premiere cle secrete et ladite seconde cle se- 
crete via un reseau de communication (8). 



d'auteur (10) en fonction du nouveau transfert de 
ladite seconde cle secrete. 

1 3. Systeme de gestion des droits d'auteur de donnees 
5 selon la revendication 11 ou 12, dans lequel ledit 

second systeme utilisateur (5) presente lesdites 
premieres informations utilisateur pour demander 
I'utilisation audit centre de gestion des droits 
d'auteur (10); ledit centre de gestion des droits 

*o d'auteur (10) transfere vers ledit second systeme 
utilisateur (5) ladite seconde cle secrete et la troi- 
sieme cle secrete, et ledit programme de gestion 
des droits d'auteur apres confirmation du nouveau 
transfert de ladite seconde cle secrete vers ledit 

15 premier systeme utilisateur (4) ; 

ledit second systeme utilisateur (5) decode lesdites 
donnees codees avec ledit programme de gestion 
des droits d'auteur, en utilisant ladite seconde cle 
secrete ; et 

20 lesdites donnees sont re-codees et decodees avec 
ledit programme de gestion des droits d'auteur en 
utilisant ladite troisieme cle secrete lorsque lesdites 
donnees decodees sont enregistrees, copiees ou 
transmises. 

25 

14. Systeme de gestion des droits d'auteur selon Tune 
des revendications 10 a 13, dans lequel ladite se- 
conde cle secrete est generee sur la base de Tun 
quelconque ou de plusieurs des elements suivants : 

30 ladite premiere cle secrete, lesdites informations 
utilisateur, et la frequence d'utilisation dudit pro- 
gramme de gestion des droits d'auteur avec ledit 
programme de gestion des droits d'auteur. 



1 1 . Systeme de gestion des droits d'auteur de donnees 
selon la revendication 10, dans lequel ladite pre- 
miere cle secrete et ladite seconde cle secrete sont 45 
inactivees avec ledit programme de gestion des 
droits d'auteur lorsque lesdites donnees decodees 
sont copiees ou transmises ; et ledit premier syste- 
me utilisateur (4) demande au centre de gestion des 
droits d'auteur (10) le nouveau transfert de ladite so 
seconde cl6 secrete pour reutiliser lesdites don- 
nees re-codees de facon a ce que ladite seconde 
cle secrete soit retransmise. 



1 2. Systeme de gestion des droits d'auteur de donnees 
selon la revendication 11, dans lequel la copie ou 
la transmission desdites donnees codees est enre- 
gistree dans ledit centre de gestion des droits 
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FIG. 2 
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FIG. 3 
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FIG. 4 
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FIG. 5 
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FIG. 9 
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FIG. 10 
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